| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 96629 | 2009-01-17 01:00:00 | Just checking! HJT | PPp (9511) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 739640 | 2009-01-17 01:00:00 | Had Online Armour with a starting problem so uninstaller/reinstalled it, seems OK (Couldn't find anything relevant in the Tall Emu forums) Decided to scan for nasties cleanup defrag etc when Malware bytes got stuck. So I thought a HJT log might be a good thing. Help anyone? |
PPp (9511) | ||
| 739641 | 2009-01-17 01:03:00 | Wheres the log? | Speedy Gonzales (78) | ||
| 739642 | 2009-01-17 01:16:00 | sorry brain fade. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:47:14 p.m., on 17/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe E:\Programs\a-squared Free\a2service.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe E:\Programs\isposure\IsposureAgent.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\nvsvc32.exe E:\Programs\Sandboxi\SbieSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\WINDOWS\system32\ctfmon.exe E:\Programs\Sandboxi\SbieCtrl.exe C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe E:\Programs\Sandboxi\SbieCtrl.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe E:\Programs\isposure\IsposureAgent.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - E:\Programs\Canon Printer\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Programs\Canon Printer\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SandboxieControl] "E:\Programs\Sandboxi\SbieCtrl.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-21-1004336348-884357618-839522115-1005\..\Run: [SandboxieControl] "E:\Programs\Sandboxi\SbieCtrl.exe" (User 'Jope') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://E:\Programs\Canon Printer\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://E:\Programs\Canon Printer\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://E:\Programs\Canon Printer\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://E:\Programs\Canon Printer\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{3532B2EF-D821-4DA2-9AEB-6A0E897C0B75}: NameServer = 58.28.4.2,58.28.6.2 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - E:\Programs\antispyware\SASWINLO.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\Programs\a-squared Free\a2service.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - E:\Programs\isposure\IsposureAgent.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - E:\Programs\Sandboxi\SbieSvc.exe O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- End of file - 7911 bytes |
PPp (9511) | ||
| 739643 | 2009-01-17 01:38:00 | Looks ok to me but you can tick these then tick fix checked Close browsers O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c Looks like Online armour can use 40-50% of the CPU. I would uninstall it |
Speedy Gonzales (78) | ||
| 739644 | 2009-01-17 01:47:00 | And get Comodo or Kerio | Blam (54) | ||
| 739645 | 2009-01-17 01:57:00 | Thanks Speedy, can you reccomend a firewall? I see you use Comodo, I saw somewhere it is tricky to setup, unless you know what your doing so that put me off it. I see blam5 says Kerio. |
PPp (9511) | ||
| 739646 | 2009-01-17 01:58:00 | correction blam6 | PPp (9511) | ||
| 739647 | 2009-01-17 02:01:00 | I'm not using a firewall at the mo. Used to use zonealarm, it got too annoying. Used to use comodo, its not that hard to configure. But right now, I'm not using one. Besides the router's. All, I'm using is Avast, Malwarebytes and trojan remover However, I would install something, if youre into P2P / file sharing |
Speedy Gonzales (78) | ||
| 739648 | 2009-01-17 02:03:00 | Cool | PPp (9511) | ||
| 739649 | 2009-01-17 02:21:00 | Your router firewall may be sufficient if you don't use any p2p programs | Blam (54) | ||
| 1 | |||||