  1. #1
    Junior Member
    Join Date
    Apr 2005
    Posts
    43

    Default adware, spyware, malware ...etc plus HJT Log

    Hi All

    I'm having a few problems with intermittent internet access and wondering if someone could have a look at the HJT log below. However, I've never had a problem like this before and it's doing my head in.

    The router is a standard Spark Huawei which has been great (until now). There are 4 computers and a printer using the wireless connection and until Monday, everything was going well. Now, we're getting one or more computers unable to connect ... NOT always the same ones, however, mine (the one I'm using now) had a few connection problems but seems "stable" now.

    I'm using ESET as my main protection and do regular scans with SAS, MB, ... any other recommendations would be appreciated as I haven't exactly been keeping up on the latest software. I'm also unable to install the Spark Broadband Assist ... just get a 404 error.

    I'd like to try and fix this myself, just for the experience, but also getting a hold of Spark for a replacement modem ... before Easter, otherwise the wife will nail me to the shed wall !

    ESET picked up the following :

    [Attached image: ESET Log.JPG]

    SAS picked up a load of cookies - normal

    HJT Log below

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 10:36:45 AM, on 11/04/2017
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.14393.0953)


    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
    C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\david\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C8D43A3EEFF19C42AA31C68EEE7A5AF4] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe
    O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: Spark MAHostService - Alcatel-Lucent - C:\Program Files (x86)\Spark\SBA\1.0.1.92\ma\bin\MAHostService.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9795 bytes

    Thanks in advance peoples
    SP8's
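
Added example, not part of the original thread: HijackThis v2.0.5 is a 32-bit program and this log comes from 64-bit Windows (note the SysWOW64 and Program Files (x86) paths), so "(file missing)" on a System32 path can reflect WOW64 file-system redirection rather than an absent file. The sketch below parses the O23 service lines and separates those entries from ones worth a closer look; the function names and triage labels are hypothetical.

```python
import re

# O23 lines copied from the HijackThis log in the first post.
SAMPLE = r"""
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
"""

MISSING = " (file missing)"
SHORT_NAME = re.compile(r"\(([^()]+)\)$")

def parse_o23(line):
    """Split one O23 line into fields; return None for any other line."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].rsplit(" - ", 2)  # label, owner, path
    if len(parts) != 3:
        return None
    label, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)]
    m = SHORT_NAME.search(label)  # some entries have no (short name)
    return {"name": m.group(1) if m else label, "label": label,
            "owner": owner, "path": path, "missing": missing}

def triage(entry):
    """Hypothetical triage labels, not HijackThis output."""
    path = entry["path"].lower()
    if entry["missing"]:
        # A 32-bit process sees System32 redirected to SysWOW64 and
        # %ProgramFiles% expanded to the (x86) folder.
        if (path.startswith("c:\\windows\\system32\\")
                or entry["label"].lower().startswith("@%programfiles%")):
            return "recheck-64bit"
        return "binary-missing"
    if entry["owner"] == "Unknown owner":
        return "review-owner"
    return "vendor-named"

def triage_log(text):
    entries = filter(None, (parse_o23(l.strip()) for l in text.splitlines()))
    return {e["name"]: triage(e) for e in entries}

if __name__ == "__main__":
    print(triage_log(SAMPLE))
```

Entries labelled `recheck-64bit` are best confirmed from a 64-bit tool or Explorer before anything is deleted or "fixed" in HijackThis.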

  2. #2
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,599

    Default Re: adware, spyware, malware ...etc plus HJT Log

    I would get rid of chrome, it's like a malware magnet.

    I would uninstall Superantispyware. NOD32 should be good enough

    Do a scan with adwcleaner

    Don't think you need malwarebytes either

    Have no idea what TieringEngineService.exe belongs to. It may be malware / a virus
    Last edited by Speedy Gonzales; 11-04-2017 at 01:36 PM.

  3. #3
    Junior Member
    Join Date
    Apr 2005
    Posts
    43

    Default Re: adware, spyware, malware ...etc plus HJT Log

    Thanks Speedy

  4. #4
    Senior Member
    Join Date
    Jan 2005
    Location
    Plimmerton
    Posts
    3,203

    Default Re: adware, spyware, malware ...etc plus HJT Log

    Chrome a malware magnet, Speedy????? Sure you aren't just failing to take into account its popularity?

  5. #5
    Senior Member Driftwood's Avatar
    Join Date
    Jul 2007
    Location
    Central Otago
    Posts
    2,422

    Default Re: adware, spyware, malware ...etc plus HJT Log

    Norton's is popular too.

  6. #6
    Junior Member
    Join Date
    Apr 2005
    Posts
    43

    Default Re: adware, spyware, malware ...etc plus HJT Log

    .... please don't mention the N word ... I'm having a bad enough day already ...

  7. #7
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,599

    Default Re: adware, spyware, malware ...etc plus HJT Log

    It may be popular, it's still a malware magnet

  8. #8
    Senior Member
    Join Date
    Jan 2005
    Location
    Plimmerton
    Posts
    3,203

    Default Re: adware, spyware, malware ...etc plus HJT Log

    Please explain. Never seen magnetic properties over years of using Chrome on several comps.

  9. #9
    Senior Member pctek's Avatar
    Join Date
    Feb 2005
    Location
    In the Wild West
    Posts
    23,736

    Default Re: adware, spyware, malware ...etc plus HJT Log

    I have Chrome, use it sometimes. Son has Chrome, uses it exclusively.
    Never had any malware issues...

    I tweaked its settings and added adblock, to both PCs.
    We both use NOD32.

    I also would not just have NOD32 and nothing else either, it's great but what one can miss, another can pick up.

    I had that ages ago, with a persistent hijacker I couldn't find, NOD didn't see it - using Firefox too then BTW.....
    wipe your paws.

  10. #10
    Senior Member Lawrence's Avatar
    Join Date
    Dec 2005
    Location
    Tauranga
    Posts
    1,714

    Default Re: adware, spyware, malware ...etc plus HJT Log

    Is any browser secure? A lot of people run out of date builds and have heaps of extensions that are not all that secure

    Chrome is popular and attracts more hacking attempts, just think of software you download and has Chrome added to the download if you are not careful and untick

    https://www.bleepingcomputer.com/sea...+Chrome+Secure
