Jump to content


Photo

hj log check


  • This topic is locked This topic is locked
4 replies to this topic

#1 ubab

ubab

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 10 February 2011 - 09:35 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:44 PM, on 2/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Zentimo\ZentimoService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\FloatLED\FloatLED.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\System Explorer\SystemExplorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Zentimo\Zentimo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bela\Application Data\Mozilla\Firefox\Profiles\qgumt6cz.default\extensions\jsobrier@zscaler.com\platform\WINNT_x86-msvc\firesheep-backend.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\MI8321~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Officexp\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [FloatLED] "C:\Program Files\FloatLED\FloatLED.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] "C:\Program Files\Process Lasso\processlasso.exe"
O4 - HKLM\..\Run: [ProcessGovernor] "C:\Program Files\Process Lasso\processgovernor.exe"
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Zentimo xStorage Manager] C:\Program Files\Zentimo\Zentimo.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: AutorunsDisabled
O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
O4 - Startup: SystemExplorerDisabled
O4 - Global Startup: Evernote Clipper.lnk = ?
O4 - Global Startup: SystemExplorerDisabled
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI8321~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI8321~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6770.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcp...opAntiVirus.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creat...101/CTSUEng.cab
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcp...DiskMD3Ctrl.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creat...15111/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Media Jukebox 14 Service - J. River, Inc. - C:\Program Files\J River\Media Jukebox 14\JRService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: Zentimo Assistant (ZentimoService) - Unknown owner - C:\Program Files\Zentimo\ZentimoService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 12302 bytes

EDIT: Please give us a clue about why you want your log checked... You are more likely to get help if you tell our helpers what the problem is... Please read our FAQ...

Edited by Budfred, 10 February 2011 - 11:01 PM.


#2 ubab

ubab

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 11 February 2011 - 09:07 AM

numerous BSOD

#3 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,482 posts

Posted 13 February 2011 - 10:04 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#4 duckfeet

duckfeet

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,451 posts

Posted 14 February 2011 - 12:35 AM

Hello ubab, and welcome to SWI, I'm duckfeet and will be helping you. I don't see malware in your logs, at this point...I'll have you run some other scans.

You have 2 antispyware programs running in resident mode.
These are:

* 1 Spybot Teatimer
* 2 Ad-Aware

Warning!
Running more than one resident protection program of the same type (antivirus, firewall or antispyware program) at the same time can result in unwanted conflict. This can reduce the effectiveness of all your antispyware programs individually. I strongly suggest you either (1) uninstall one antispyware program through Control Panel->Add or remove Programs, OR (2) keep both programs, but leave one of them disabled most of the time. You can still use them for scanning your computer. Because of problems, I'd suggest removing Ad-Aware.

Please let me know which program you decide to keep running .

----

Please download Malwarebytes' Anti-Malware from Here or
here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

----

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

----

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information.

Posted Image
Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two logs:
  • DDS.txt
  • Attach.txt
Save both reports to your desktop.

Please post the contents of the DDS.txt log, the MBAM log, and checkup.txt in your next reply. We need it to diagnose and fix malware problems - (we may ask for Attach.txt later.) Let me know how your computer is running now.

Edited by duckfeet, 14 February 2011 - 12:51 AM.

My help is free. However, Donations in support of this website are always appreciated!

#5 duckfeet

duckfeet

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,451 posts

Posted 27 February 2011 - 01:04 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
My help is free. However, Donations in support of this website are always appreciated!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button