| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 119264 | 2011-07-14 00:58:00 | HJT | NZHawk (4093) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1216660 | 2011-07-14 00:58:00 | Could someone have a look through this HJT log for unnecessary & possible nasty. Much appreciated. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:55:44 AM, on 14/07/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe C:\Windows\Explorer.EXE C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Babylon\Babylon-Pro\Babylon.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\RVTripsetter\EasyPHP\EasyPHP.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Windows\ehome\ehmsas.exe C:\PROGRA~1\RVTRIP~1\EasyPHP\Apache\bin\apache.exe C:\PROGRA~1\RVTRIP~1\EasyPHP\Apache\bin\apache.exe C:\PROGRA~1\RVTRIP~1\EasyPHP\MySql\bin\mysqld.exe C:\Program Files\Hewlett-Packard\KBD\kbd.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Angie\Desktop\2 Cleaning Tools\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = search.alot.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: Babylon-EnglishBB Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\prxtbBab0.dll O1 - Hosts: ::1 localhost O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Babylon-EnglishBB - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\prxtbBab0.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll O3 - Toolbar: Babylon-EnglishBB Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\prxtbBab0.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll O3 - Toolbar: Bitdefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\PROGRA~1\BITDEF~1\BITDEF~1\IEToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMen u.exe" "c:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStart Menu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe" O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\E reg.ini" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe" O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe" O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Copy DB.bat O4 - Global Startup: EasyPHP.lnk = EasyPHP\EasyPHP.exe O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-NZ\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C3 48BC2E93EB2B.dll/cmsidewiki.html O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - secure.logmein.com O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- End of file - 12486 bytes |
NZHawk (4093) | ||
| 1216661 | 2011-07-14 01:07:00 | Uninstall Alot toolbar R3 - URLSearchHook: (no name) - - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\ Ereg.ini" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW Whats this?? Is it for a schedule or something? O4 - Startup: Copy DB.bat Is this still installed? If it isnt tick this O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe If you use Teamviewer, update it. I think its up to 5 or 6 now |
Speedy Gonzales (78) | ||
| 1 | |||||