| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 79620 | 2007-05-26 09:50:00 | Hijack this log | Morgenmuffel (187) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 553332 | 2007-05-26 09:50:00 | Ok here is my hijack this log, I have spotted a couple of things that I am not sure of how to get rid of -- ppInit_DLLs: PAVWAIT.DLL I don't have Panda Antivirus and haven't had it since 2004 or 2005 -- and as for quicktime and the ipod stuff I'm sure I have removed them from the startup many times but they keep coming back anyway the log is below Logfile of HijackThis v1.99.1 Scan saved at 19:58:18, on 26/05/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\SYSTEM32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINNT\system32\nvsvc32.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\WINNT\system32\UAService7.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\NILaunch.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe E:\UltraVNC\winvnc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE E:\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE G:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.xtramsn.co.nz R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.xtramsn.co.nz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.xtramsn.co.nz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Webzings N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://E%3A%5CSeaMonkey%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Nigel\Application Data\Mozilla\Profiles\default\o76jfzzf.slt\prefs.j s) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: PHP Designer Toolbar Helper - {588869E0-6C28-400a-8A1A-2A099E41CE9B} - C:\Program Files\PHP Designer Toolbar\v2.0.0.1\PHP_Designer_Toolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: PHP Designer Toolbar - {1DA183EF-8E1B-4a18-B927-CAB06B60FA46} - C:\Program Files\PHP Designer Toolbar\v2.0.0.1\PHP_Designer_Toolbar.dll O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [Net-It Launcher] C:\WINNT\system32\NILaunch.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe O4 - Startup: Copy of Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe O4 - Startup: Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Adobe\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Adobe\Reader\AdobeCollabSync.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/229?269b539981ec4d00bfa1261108724633 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/230?269b539981ec4d00bfa1261108724633 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Flyswat - {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} - C:\WINNT\System32\shdocvw.dll O12 - Plugin for .html: C:\Program Files\\Netscape\\Netscape Browser\PLUGINS\npTrident.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - driveragent.com O20 - AppInit_DLLs: PAVWAIT.DLL O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - E:\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - E:\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\system32\UAService7.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe |
Morgenmuffel (187) | ||
| 553333 | 2007-05-27 00:18:00 | Use ccleaner if u have it then. These can be ticked or removed in ccleaner. Under Tools/startup Or HJT. Dont forget to tick fix checked after u tick the above. And close browser/s. O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O20 - AppInit_DLLs: PAVWAIT.DLL Unless Itunes has been uninstalled (which by the looks of it, its still installed), I dont think it'll run properly without the Ituneshelper entry in startup (which isnt in startup). So, if you're not using QT or Itunes, then uninstall both of them. |
Speedy Gonzales (78) | ||
| 553334 | 2007-05-27 01:06:00 | Hmm I tried to get rid of PAVWAIT.DLL by clicking fix selected in HJT and got the following An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: PAVWAIT.DLL) Error #5 - Invalid procedure call or argument also I should be able to remove these shouldn't I O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Adobe\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Adobe\Reader\AdobeCollabSync.exe |
Morgenmuffel (187) | ||
| 553335 | 2007-05-27 01:19:00 | Hmm I tried to get rid of PAVWAIT . DLL by clicking fix selected in HJT and got the following Delete it in safe mode . Or if the folder for Panda is still in Program files, delete it then use ccleaner / Issues / Scan for issues . Remove whatever comes up . also I should be able to remove these shouldn't I Yup these can be ticked too . Must have gone past these . |
Speedy Gonzales (78) | ||
| 1 | |||||