| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 98203 | 2009-03-15 06:23:00 | Hijack This and CCleaner | mathsgood (13356) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 756661 | 2009-03-15 06:23:00 | I promise this will be the last post for today:D Could someone analyse my Hijack This Log and CCleaner Installed Programs Log?:thanks:thanks Thanks:thanks Hijack This Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:22:19 p.m., on 15/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\Lexmark 1200 Series\lxczbmon.exe C:\WINDOWS\PixArt\PAC7302\Monitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LClock\lclock.exe C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\11\ISUSPM.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\mspaint.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Windows Internet Explorer 8 Provided by Wilson Lin O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: connecttoWILSONCOMPUTERnetworkusingNeTWorKS.bat O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Links to this page - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm O8 - Extra context menu item: &Similar pages - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Explore Here - c:\windows\Web\explorehere.htm O8 - Extra context menu item: Go To Registry Key - c:\windows\Web\regjump.htm O8 - Extra context menu item: Look up in Mr&Check... - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm O8 - Extra context menu item: MS-KB Lookup - C:\Windows\Web\mskb.htm O8 - Extra context menu item: Open in &new window - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm O8 - Extra context menu item: Search with &Google - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm O8 - Extra context menu item: Send Using &Gmail - C:\Program Files\SnipIT\SnipIT\sendusinggmail.htm O8 - Extra context menu item: Send Using &Hotmail - C:\Program Files\SnipIT\SnipIT\sendusinghotmail.htm O8 - Extra context menu item: Send Using &Outlook - C:\Program Files\SnipIT\SnipIT\sendusingoutlook.htm O8 - Extra context menu item: Send Using &Yahoo - C:\Program Files\SnipIT\SnipIT\sendusingyahoo.htm O8 - Extra context menu item: Show page from the &cache - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gcache.htm O8 - Extra context menu item: Translate this page with Google - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm O8 - Extra context menu item: Translate with &dict.leo.org - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\tutrans.htm O8 - Extra context menu item: View old version at &archives.org - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.htm O8 - Extra context menu item: Zoom &in* - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm O8 - Extra context menu item: Zoom &out* - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ProxyPick - {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "C:\Program Files\IEToys\ProxyPick.exe" (file missing) O9 - Extra 'Tools' menuitem: ProxyPick - {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "C:\Program Files\IEToys\ProxyPick.exe" (file missing) O9 - Extra button: Immediately wipe all browsing history - {FFFFFF9F-A66E-4D5D-996F-1A4450298FFF} - C:\Program Files\IEToys\ClearTracks.dll O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - www.pcpitstop.com O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - aolsvc.aol.com O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - messenger.zone.msn.com O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - utilities.pcpitstop.com O23 - Service: .nesiadem - - (no file) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 12186 bytes CCleaner Installed Programs Log: Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Shockwave Player 11 Audacity 1.2.6 avast! Antivirus Bayden IEToys (remove only) Burger Island 2 (tb) (remove only) CCleaner (remove only) Classic Menu 3.9x for Office 2007 ClearType Tuning Control Panel Applet Compatibility Pack for the 2007 Office system Cooking Academy 2 (tb) (remove only) Diner Dash2 - (remove only) Farm Frenzy (tb) (remove only) filehippo.com Update Checker Foxit Reader HijackThis 2.0.2 Image Resizer Powertoy for Windows XP Inline Search v1.5.0 for Internet Explorer (remove only) InstallShield 2009 InstallShield 2009 MSI Setup Prerequisite Files for .NET Language Packs Java(TM) 6 Update 12 K-Lite Codec Pack 4.5.3 (Full) LClock LDOCE Lexmark 1200 Series Lingoes 2.5.3 Malwarebytes' Anti-Malware Media Library Management Wizard Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office FrontPage 2003 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote 2003 Microsoft Office Professional 2007 Trial Microsoft Office Project Professional 2003 Microsoft Silverlight Microsoft Text-to-Speech Engine 4.0 (English) Microsoft Visual C++ 2005 Redistributable Mini Golf Master 2 Movie Maker Background Music Files Movie Maker Sound Effects Movie Maker Title Images MSXML 4.0 SP2 (KB954430) Nero 7 Essentials Nicktoons HoverZone Nikon Transfer OpenOffice.org 3.0 Personal License Update Wizard for Windows Media Player Picasa 3 Plant Tycoon (tb) (remove only) Plus! MP3 Audio Converter LE Realtek High Definition Audio Driver SiS Mirage 3 Graphics SnipIT Spybot - Search & Destroy TuneUp Utilities 2008 Tweak UI Unlocker 1.8.7 Update for Windows XP (KB943729) VGA USB Camera Windows Internet Explorer 8 Release Candidate 1 Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Bonus Pack for Windows XP Windows Media Player Playlist Import to Excel Wizard Windows Media Player Skin Importer Windows Media Player Tray Control Windows Search 4.0 WinRAR archiver ZoneAlarm Thanks:thanks |
mathsgood (13356) | ||
| 756662 | 2009-03-15 06:31:00 | You can tick these then tick fix checked Close browsers O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') Are you on a network / domain or something why this is here? O4 - Global Startup: connecttoWILSONCOMPUTERnetworkusingNeTWorKS.bat O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O23 - Service: .nesiadem - - (no file) Is this working? If it isnt tick it O9 - Extra button: ProxyPick - {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "C:\Program Files\IEToys\ProxyPick.exe" (file missing) O9 - Extra 'Tools' menuitem: ProxyPick - {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "C:\Program Files\IEToys\ProxyPick.exe" (file missing) |
Speedy Gonzales (78) | ||
| 1 | |||||