| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 102281 | 2009-08-14 04:44:00 | HJT scan | effie c (6856) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 800988 | 2009-08-14 04:44:00 | Hi, Please audit this file - somewhere I have 2 gb space used and for a change I cannot locate it effie cLogfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:42:24 p.m., on 14/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ESET\ESET Smart Security\egui.exe D:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE D:\Program Files\Skype\Phone\Skype.exe D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe D:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\system32\E_S00RP1.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\SAgent4.exe C:\WINDOWS\system32\svchost.exe D:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Downloads\HJTInstall.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = nz.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nz.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.crawler.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.crawler.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = dnl.crawler.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!Xtra O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\ swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE /P23 "EPSON Stylus C46 Series" /O5 "LPT1:" /M "Stylus C46" O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU" O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "D:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - D:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - D:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE O23 - Service: Google Update Service (gupdate1c9ef91474df2a4) (gupdate1c9ef91474df2a4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe -- End of file - 9880 bytes |
effie c (6856) | ||
| 800989 | 2009-08-14 05:05:00 | Looks clean to me but you can tick these then tick fix checked Close browsers O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "D:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" Did you run ccleaner? |
Speedy Gonzales (78) | ||
| 800990 | 2009-08-14 05:21:00 | Hi SG Thanks for HJT scan- I thought it should be fairly clean Yes I ran CCleaner and got 49.8 mb back Somewhere I did see a 29000 bit file but now I cannot find it There has to be some explanation to suddenly lose 2 gb space and not have something to show for it I will carry on my own for the time being - but grateful thanks to you people effie c |
effie c (6856) | ||
| 800991 | 2009-08-14 05:26:00 | Hi Speedy again :eek: I just ran a computer search and found some ginormous file sizes-Please take a glance and see it that is where my problem is oops sorry I cannot paste the log but at the top of the page is SP3 with 29000 KB cab files in it and further down many at 39000 KB effie c |
effie c (6856) | ||
| 800992 | 2009-08-14 05:28:00 | Office does install an MSocache folder in C: or wherever you installed Office. Thats probably where 1/2 - 1/4 of its gone (if you selected the option, it takes up 528mb on here), when you installed office. This saves you from putting the cd in all the time, everytime you update whatever in Office. Whatever it is its not in the log |
Speedy Gonzales (78) | ||
| 1 | |||||