| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 76553 | 2007-02-04 22:51:00 | Hijackthis LOG file | russell108 (7499) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 522742 | 2007-02-04 22:51:00 | I havent been here in a long time but if Speedy is still here i could do with some help...even my system restore doesnt work :groan: Anyway here is my log file.. Logfile of HijackThis v1.99.1 Scan saved at 14:27:11, on 04/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Ahead\InCD\InCDsrv.exe D:\WINDOWS\system32\ZoneLabs\vsmon.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe D:\WINDOWS\system32\spoolsv.exe D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe D:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe D:\Program Files\ewido anti-malware\ewidoctrl.exe D:\Program Files\ewido anti-malware\ewidoguard.exe D:\WINDOWS\System32\nvsvc32.exe D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe D:\WINDOWS\SOUNDMAN.EXE D:\WINDOWS\system32\RUNDLL32.EXE D:\WINDOWS\system32\wuauclt.exe D:\WINDOWS\system32\CTHELPER.EXE D:\Program Files\Ahead\InCD\InCD.exe D:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe D:\Program Files\QuickTime\qttask.exe D:\Program Files\iPod\bin\iPodService.exe D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe D:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe D:\PROGRA~1\Grisoft\AVG7\avgcc.exe D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe D:\Program Files\Stardock\ObjectDock\ObjectDock.exe D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.ex e C:\BACK UP\APPS\ANTI VIRUS SPYWARE ETC\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = uk.play.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = uk.play.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = update.zonelabs.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe" O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe O4 - HKLM\..\Run: [Lexmark X83 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Active Desktop Calendar] D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O17 - HKLM\System\CCS\Services\Tcpip\..\{13227630-A0D4-46EF-B627-9DADF7772068}: NameServer = 212.135.1.36 195.40.1.36 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - D:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe |
russell108 (7499) | ||
| 522743 | 2007-02-04 23:09:00 | Run HJT again tick these entries and tick fix checked. Close browser/s. None of these are nasty tho. O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe - uninstall this and ALL previous versions of Sun Java. Get the update in the link in my sig below. O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe You sure System Restore is on?? |
Speedy Gonzales (78) | ||
| 522744 | 2007-02-05 09:36:00 | system restore is definately on My taskbar/start menu etc has vanished now too Is there a list of hijackthis baddies anywhere on the net ? Latest log file.. Logfile of HijackThis v1.99.1 Scan saved at 09:25:02, on 05/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Ahead\InCD\InCDsrv.exe D:\WINDOWS\system32\ZoneLabs\vsmon.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe D:\Program Files\ewido anti-malware\ewidoctrl.exe D:\Program Files\ewido anti-malware\ewidoguard.exe D:\WINDOWS\System32\nvsvc32.exe D:\WINDOWS\system32\CTHELPER.EXE D:\Program Files\Ahead\InCD\InCD.exe D:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe D:\Program Files\iPod\bin\iPodService.exe D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe D:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe D:\PROGRA~1\Grisoft\AVG7\avgcc.exe D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe D:\Program Files\Stardock\ObjectDock\ObjectDock.exe D:\PROGRA~1\Grisoft\AVG7\avgw.exe D:\Program Files\Opera\Opera.exe D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.ex e D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe D:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe D:\WINDOWS\System32\msiexec.exe C:\BACK UP\APPS\ANTI VIRUS SPYWARE ETC\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = uk.play.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = uk.play.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = update.zonelabs.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe" O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe O4 - HKLM\..\Run: [Lexmark X83 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Active Desktop Calendar] D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O17 - HKLM\System\CCS\Services\Tcpip\..\{13227630-A0D4-46EF-B627-9DADF7772068}: NameServer = 212.135.1.36 195.40.1.36 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - D:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe |
russell108 (7499) | ||
| 522745 | 2007-02-05 10:17:00 | Run HJT again tick these entries and tick fix checked. Close browser/s. None of these are nasty tho. O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe - uninstall this and ALL previous versions of Sun Java. Get the update in the link in my sig below. O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe You sure System Restore is on?? Gidday Speedy. Those are all legit files are they not, albeit not necessary to the smooth running of the system when not required and resource hogs to boot, but would they not be better disabled through their settings? BTW, I'd also tend to nix from startup Real and CThelper. |
Murray P (44) | ||
| 1 | |||||