| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 91613 | 2008-07-12 15:38:00 | Yet another HJT Log ! | DUNK (1527) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 688299 | 2008-07-12 15:38:00 | Hi folks, I think that I may have a problem. Sent an email to a friend. She replied "What's with the Chinese characters" Well! I certainly didn't put em there! Did a full check. Nothing found. So. I take the liberty of pasting an HJT Log here. Please check it for me. And pass judgment upon it. Hope that I've done it correctly! Regards. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:16:21 a.m., on 13/07/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Raxco\PerfectDiskRx\PD9Engine.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Ad Muncher\AdMunch.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\AdSubtract\adsub.exe C:\Program Files\Raxco\PerfectDiskRx\PD9Agent.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Documents and Settings\Dunk\My Documents\Program Downloads\Hijack This\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=AdSubtract:4444 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [PerfectDiskRx] C:\Program Files\Raxco\PerfectDiskRx\PerfectDiskRx.exe /tray /startrun O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\RunOnce: [AdSubtract] C:\Program Files\AdSubtract\Cleaner.exe wipedat O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Block frame with Ad Muncher - www.admuncher.com O8 - Extra context menu item: Block image with Ad Muncher - www.admuncher.com O8 - Extra context menu item: Block link with Ad Muncher - www.admuncher.com O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Don't filter page with Ad Muncher - www.admuncher.com O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O8 - Extra context menu item: Report page to the Ad Muncher developers - www.admuncher.com O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{3C85C281-707E-4B1A-A49D-653129E020C5}: NameServer = 203.96.152.4,203.96.152.12 O17 - HKLM\System\CS1\Services\Tcpip\..\{3C85C281-707E-4B1A-A49D-653129E020C5}: NameServer = 203.96.152.4,203.96.152.12 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: PD9Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDiskRx\PD9Engine.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 8488 bytes |
DUNK (1527) | ||
| 688300 | 2008-07-12 22:41:00 | Looks clean to me, but these can be ticked then tick fix checked Close browsers O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" You dont need AdSubtract and Admuncher. They do the same thing. If these are for IE, you could use IE7Pro, which is free. And does the same thing |
Speedy Gonzales (78) | ||
| 688301 | 2008-07-13 01:24:00 | Thanks for that Speedy ... I'll take your advice. AdSubtractPro does give you the opportunity to save cookies that you want to keep though. That's the only reason that I keep it. It's quite old now & unsupported! Java updater at least alerted me of the available update. But, as you say, it could probably go from the 'start menu' I've done a check with all my 'cleaners' and your OK clinches it. "I'm Clean" Thank you, once again Sir. :clap Regards. Dunk. |
DUNK (1527) | ||
| 688302 | 2008-07-13 01:27:00 | No probs :) | Speedy Gonzales (78) | ||
| 1 | |||||