Press F1 forum thread 120840: HJT log for Speedy or whoever
Started 2011-09-28 21:36:00 by tuiruru (12277)
Post 1234327 | 2011-09-28 21:36:00 | tuiruru (12277)

Hi, this follows on from my post yesterday (pressf1.pcworld.co.nz). Everything seemed to check out, so thanks for all the input. This is just to cross all the "i"s and dot all the "t"s (I know there's a lot of self-imposed crap at the end that I should probably get rid of). Thanks :thumbs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:37 a.m., on 29/09/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\TAMSvr.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\COMODO\COMODO BackUp\COSService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Users\John Warren\Downloads\Auspex1.3.5.109\Auspex.exe
C:\Program Files\Microsoft Office Labs\Speed Launch\SpeedLaunch.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\xNeat Clipboard Manager\xNeatClipMngr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sticky Password\stpass.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PNotes\PNotes.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Preton\PretonSaver\PretonClient.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\Program Files\TrueSuite Access Manager\PwdBank.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Simpo PDF Creator Lite\SpcLiteSrv.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\ClipX\clipx.exe
C:\Program Files\Aston2\Aston2.exe
C:\Program Files\AltDesk\AltDesk.exe
C:\Program Files\EventLog Inspector 2\ELInspector.exe
C:\Program Files\SlickRun\sr.exe
C:\Program Files\Grindstone 2\Grindstone 2.exe
C:\Program Files\Gmail Notifier Pro\GmailNotifierPro.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\WinSplit Revolution10.4\WinSplit.exe
C:\Program Files\WinSplit Revolution10.4\WinSplitDrvr32.exe
C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehTray.exe
C:\Windows\ehome\ehmsas.exe
c:\program files\moo0\windowmenuplus 1.11\windowmenuplus.exe
c:\users\john warren\appdata\local\nemo documents\nemodocs.exe
c:\program files\qlock\qlock.exe
c:\program files\belvedere\belvedere.exe
c:\program files\phraseexpress\phraseexpress.exe
C:\Program Files\CleanMem\mini_monitor.exe
C:\Program Files\EventLog Inspector 2\ELIService.exe
C:\Program Files\Common Files\MAGIX Services\Database_60405\bin\FABS.exe
C:\Program Files\Common Files\MAGIX Services\Database_60405\bin\fbserver.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Preton\PretonSaver\PretonClientService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\Program Files\OO Software\DriveLED\DriveLED.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Just Gestures\JustGestures.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit,
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: CaptureSaver - {5148AB7D-8868-4490-B6DA-F98368488582} - C:\Program Files\CaptureSaver\CaptureSaverIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Just Gestures] C:\Program Files\Just Gestures\JustGestures.exe
O4 - HKCU\..\Run: [Auspex] C:\Users\John Warren\Downloads\Auspex1.3.5.109\Auspex.exe
O4 - HKCU\..\Run: [Speed Launch] "C:\Program Files\Microsoft Office Labs\Speed Launch\SpeedLaunch.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\John Warren\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [xNeat Clipboard Manager] C:\Program Files\xNeat Clipboard Manager\xNeatClipMngr.exe
O4 - HKCU\..\Run: [StickyPassword] C:\Program Files\Sticky Password\stpass.exe
O4 - HKCU\..\Run: [Tesseract-OCR] C:\Program Files\Tesseract-OCR\tesseract.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: AutorunsDisabled
O4 - Startup: PNotes.lnk = C:\Program Files\PNotes\PNotes.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to CaptureSaver - C:\Program Files\CaptureSaver\\AddFromIE.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - C:\Program Files\CaptureSaver\CaptureSaverIE.dll
O9 - Extra 'Tools' menuitem: CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - C:\Program Files\CaptureSaver\CaptureSaverIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Comodo Online Storage Service (COSService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\COSService.exe
O23 - Service: EventLog Inspector Service (ELIService) - Unknown owner - C:\Program Files\EventLog Inspector 2\ELIService.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database_60405\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database_60405\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
O23 - Service: PretonSaver (PretonClientService) - Unknown owner - C:\Program Files\Preton\PretonSaver\PretonClientService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: Comodo BackUp Service (SynchronizationService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe

--
End of file - 14802 bytes
Post 1234328 | 2011-09-28 22:03:00 | Speedy Gonzales (78)

You should have added this to that post

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Speed Launch] "C:\Program Files\Microsoft Office Labs\Speed Launch\SpeedLaunch.exe"

I don't know what this is. But I don't think it should be running from that folder

O4 - HKCU\..\Run: [Auspex] C:\Users\John Warren\Downloads\Auspex1.3.5.109\Auspex.exe

O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
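The point Speedy makes about the Auspex entry, that an autorun launching an executable out of the user's Downloads folder deserves a closer look, is the kind of check that is easy to apply mechanically across a whole HijackThis log. The script below is an added example written for this thread; it is not code from the thread, from HijackThis or from any of the products in the log. It parses O4 Run-key lines in HijackThis's format from a constructed sample (lines copied from the log above) and gives each entry a verdict based on where the executable lives: admin-writable install locations (Program Files, Windows) pass, a bare file name with no directory is flagged because it gets resolved through the search path at logon, and anything under the user profile, AppData or Temp is flagged as user-writable. The classification rules and the `%ProgramFiles%` expansion to `C:\Program Files` are this example's own assumptions, not a HijackThis feature, and a flag means "verify by hand", not "malicious": the Google Update entry under AppData is a legitimate updater that the same rule flags, which is exactly why the human step in this thread still matters.

```python
import re

# Constructed sample: a handful of O4 lines copied from the HijackThis log
# posted in this thread (Run-key entries plus the two Startup-folder lines).
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Speed Launch] "C:\Program Files\Microsoft Office Labs\Speed Launch\SpeedLaunch.exe"
O4 - HKCU\..\Run: [Auspex] C:\Users\John Warren\Downloads\Auspex1.3.5.109\Auspex.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\John Warren\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
""".strip()

# HijackThis O4 Run-key line: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_LINE = re.compile(r'^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First executable in the command line, with or without surrounding quotes.
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.exe)\b', re.IGNORECASE)

# Assumption: %ProgramFiles% expands to the default location of a 32-bit install.
ENV_EXPANSIONS = {'%programfiles%': r'c:\program files'}


def classify_path(path: str) -> str:
    """Heuristic verdict on where an autorun executable lives (this example's own
    rules, not a HijackThis feature). 'system' is the only verdict that is not flagged."""
    p = path.lower()
    for var, value in ENV_EXPANSIONS.items():
        p = p.replace(var, value)
    if '\\' not in p:
        return 'unqualified'        # bare file name: resolved through the search path at logon
    if p.startswith((r'c:\program files', r'c:\windows')):
        return 'system'             # admin-writable install locations
    if p.startswith('c:\\users\\') or '\\appdata\\' in p or '\\temp\\' in p:
        return 'user-writable'      # Downloads, AppData, Temp: whatever the user runs can write here
    return 'other'


def review_autoruns(log_text: str) -> list:
    """Parse every O4 Run-key line and attach a verdict; other O4 forms are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue                # Startup-folder entries are not Run keys
        exe = EXE_PATH.match(m['cmd'])
        path = exe['path'] if exe else m['cmd']
        findings.append({'hive': m['hive'], 'name': m['name'],
                         'path': path, 'verdict': classify_path(path)})
    return findings


def flagged(log_text: str) -> list:
    """Value names whose executable is not in a system location: verify these by hand."""
    return [f['name'] for f in review_autoruns(log_text) if f['verdict'] != 'system']


if __name__ == '__main__':
    for f in review_autoruns(SAMPLE_O4):
        mark = '  ' if f['verdict'] == 'system' else '! '
        print(f"{mark}{f['verdict']:14} {f['hive']:5} [{f['name']}] {f['path']}")
```

Run as a script it prints one line per Run-key entry with its verdict; on the sample, RtHDVCpl (bare file name), Auspex (Downloads) and Google Update (AppData) come out flagged. The third is the benign false positive that shows what the verdict is for: it narrows a log of dozens of entries down to the few whose publisher and purpose the owner actually has to confirm, which is the conversation that follows in this thread.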
Post 1234329 | 2011-09-28 22:13:00 | tuiruru (12277)

> You should have added this to that post
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
> O4 - HKCU\..\Run: [Speed Launch] "C:\Program Files\Microsoft Office Labs\Speed Launch\SpeedLaunch.exe"

Thanks for the prompt reply Speedy

> I don't know what this is. But I don't think it should be running from that folder
> O4 - HKCU\..\Run: [Auspex] C:\Users\John Warren\Downloads\Auspex1.3.5.109\Auspex.exe
> O4 - Startup: AutorunsDisabled
> O4 - Global Startup: AutorunsDisabled

"O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Speed Launch] "C:\Program Files\Microsoft Office Labs\Speed Launch\SpeedLaunch.exe""

The first one - I have updated Java recently. The second one - I know what that is - it's a handy little "Launcher". So what should I do with the first one (if anything)?

"O4 - HKCU\..\Run: [Auspex] C:\Users\John Warren\Downloads\Auspex1.3.5.109\Auspex.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled"

I know what Auspex is doing, so that's legit. I kinda know about the last two, but what do you recommend?

Thanks for your time
Post 1234330 | 2011-09-28 22:19:00 | Speedy Gonzales (78)

Well if you did the last 2, leave them there. Remove the rest / and auspex.exe if you don't know what it is
Post 1234331 | 2011-09-28 22:24:00 | tuiruru (12277)

> Well if you did the last 2, leave them there. Remove the rest / and auspex.exe if you don't know what it is

Thanks