| Press F1 | ||||
| Thread ID: 89326 | 2008-04-27 23:49:00 | 2x HJT Logs | jwil1 (65) |
| Post ID | Timestamp | Content | User | ||
| 663202 | 2008-04-27 23:49:00 | Can someone please check these logs. They're from the same PC but one's from XP, one from Vista. I don't THINK there's anything wrong with them, just a regular checkup.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:03 a.m., on 28/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\BandwidthMeter\BandwidthMeter.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Virtual PC\Virtual PC.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
Z:\SOFTWARE\SYSTEM\Diagnostics\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Bandwidth Meter.lnk = C:\Program Files\BandwidthMeter\BandwidthMeter.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Traffic Usage Checker.lnk = C:\Program Files\Traffic Usage Checker\tuc.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 8745 bytes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:27 a.m., on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
Z:\SOFTWARE\SYSTEM\Diagnostics\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207878580796
O20 - AppInit_DLLs: WIKI.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4987 bytes

:thanks |
jwil1 (65) | ||
| 663203 | 2008-04-28 00:04:00 | The Vista log, you can tick these entries, then tick fix checked

Close browsers

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O13 - Gopher Prefix:

The XP log tick these

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Not too sure what this is or what it does

O20 - AppInit_DLLs: WIKI.DLL <-- after you tick this and tick fix checked. Find this file and delete it

I wouldn't put Spyware Doctor in startup, tick its entry or disable it from starting on startup

O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" |
Speedy Gonzales (78) | ||