Thread 92649: hijack this log for speedy
Forum: Press F1 | Started: 2008-08-17 12:16:00 | By: apsattv (7406)

Post 698129 | 2008-08-17 12:16:00 | apsattv (7406)

Hey Speedy, what "clutter" would you cut from this log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:02 p.m., on 17/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Monsoon Multimedia\Drivers\havasvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Altiris\Software Virtualization Agent\SVSAdmin.exe
C:\Program Files\Minefield\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vodafone.co.nz/help/ihug-customers-welcome.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190629016640
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HAVA Service (havasvc) - Monsoon Multimedia Inc. - C:\Program Files\Monsoon Multimedia\HAVA Wizard\..\Drivers\havasvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10345 bytes

Post 698130 | 2008-08-17 21:27:00 | Speedy Gonzales (78)

You can't tick a lot, otherwise whatever won't work. Tick these, then tick "Fix checked". Close browsers. You can run this from the menu.

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
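As an added example (not from either poster, and not part of HijackThis), here is a small Python parser for the O4 autostart and O23 service lines in the HijackThis 2.0.2 format shown in the thread, which is the kind of triage Speedy is doing by eye above. The sample log is a constructed excerpt of the entries quoted in this thread; the two checks at the end (bare filenames that Windows resolves through the PATH search, like SoundMan, and services HijackThis could not attribute to a vendor) are my own defender-side additions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in the HijackThis 2.0.2 line format quoted in the thread (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
"""

@dataclass
class Entry:
    kind: str                      # "O4" (autostart) or "O23" (service)
    name: str                      # Run value name, .lnk name, or service display name
    command: str                   # command line as logged, or the service binary path
    location: str                  # registry hive, "Startup folder", or service short name
    vendor: Optional[str] = None   # O23 only: vendor string HijackThis printed

O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.+)$")
O23_SVC = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$")

def parse_hjt(text: str) -> List[Entry]:
    """Parse O4 autostart and O23 service lines; every other section is ignored."""
    out: List[Entry] = []
    for line in text.splitlines():
        if m := O4_RUN.match(line):
            out.append(Entry("O4", m["name"], m["cmd"], m["hive"]))
        elif m := O4_STARTUP.match(line):
            out.append(Entry("O4", m["name"], m["cmd"], "Startup folder"))
        elif m := O23_SVC.match(line):
            out.append(Entry("O23", m["display"], m["path"], m["short"] or "", m["vendor"]))
    return out

def executable(entry: Entry) -> str:
    """First .exe/.dll token of the command, with quotes stripped and arguments dropped."""
    m = re.match(r'^"?(.+?\.(?:exe|dll))"?', entry.command, re.IGNORECASE)
    return m.group(1) if m else entry.command

def unqualified(entries: List[Entry]) -> List[str]:
    """Entries whose binary is a bare filename (found via PATH search), e.g. SoundMan above."""
    return [e.name for e in entries if "\\" not in executable(e)]

def unknown_vendor_services(entries: List[Entry]) -> List[str]:
    """Services HijackThis could not attribute to a vendor; check the file's signer by hand."""
    return [e.name for e in entries if e.kind == "O23" and e.vendor == "Unknown owner"]
```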

Post 698131 | 2008-08-18 07:57:00 | apsattv (7406)

Yeah, I thought that it was near as clean as it was going to get. Guess these could be dumped or disabled:

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HAVA Service (havasvc) - Monsoon Multimedia Inc. - C:\Program Files\Monsoon Multimedia\HAVA Wizard\..\Drivers\havasvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Post 698132 | 2008-08-18 08:33:00 | Speedy Gonzales (78)

You may want to keep the Ulead one. If you've got some kind of DVD burning program (i.e. Ulead DVD Workshop), it may not work without this: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

I don't know if you need nTune or not. Won't hurt to uninstall the others.

Have you got some kind of MP3 / media player?? This looks like it loads firmware for something:

O23 - Service: HAVA Service (havasvc) - Monsoon Multimedia Inc. - C:\Program Files\Monsoon Multimedia\HAVA Wizard\..\Drivers\havasvc.exe

Post 698133 | 2008-08-18 10:05:00 | apsattv (7406)

> You may want to keep the Ulead one. If you've got some kind of DVD burning program (i.e. Ulead DVD Workshop), it may not work without this: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
>
> I don't know if you need nTune or not. Won't hurt to uninstall the others.
>
> Have you got some kind of MP3 / media player?? This looks like it loads firmware for something:
>
> O23 - Service: HAVA Service (havasvc) - Monsoon Multimedia Inc. - C:\Program Files\Monsoon Multimedia\HAVA Wizard\..\Drivers\havasvc.exe

Ulead is part of the software relating to burning streamed content off the HAVA; neither is necessary. nTune isn't necessary. I don't use Ad-Aware as real-time monitoring, so I guess it can be disabled as a service. Google Updater is more crapware.

Post 698134 | 2008-08-18 10:09:00 | Speedy Gonzales (78)

Uninstall all of those then. If you disable Ad-Aware, uninstall it. No point having it if you disable it.

Post 698135 | 2008-08-18 11:26:00 | apsattv (7406)

I do occasionally run a scan with Ad-Aware. Would it work OK with the service set to manual startup? Will try Ulead and Ad-Aware, both set to manual.

Post 698136 | 2008-08-18 20:35:00 | Speedy Gonzales (78)

Malwarebytes would probably do a better job, and it would get updated more often (like 3-4 times a day).