HiJackThis log....help please



powerover
09-10-2010, 08:08 PM
computer is acting strangely lately...can't really tell what's wrong, but it just feels different, sometimes the mouse lags a bit, barely noticeable, other times game crashes, with the HDD light flashing with a pattern, etc etc. Here is the log, anything dodgy?? thanks for the help in advance :D

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:04:42 p.m., on 9/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6182 bytes

Speedy Gonzales
09-10-2010, 08:21 PM
You can tick these then tick fix checked

Close browsers. Or delete its entry in startup with ccleaner

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

powerover
09-10-2010, 08:31 PM
thanks speedy I knew u would be the first to reply :D

will do so now.

one thing is bothering me tho, what is with all the "file missing" stuff???

n u cnt find any nasty stuff there? what is causing the lags then?...um....

oh, and what is wrong with tea timer again??

thanks :D

Speedy Gonzales
09-10-2010, 08:41 PM
If this is 64 bit, it's either not compat with HJT. Or it's a permission prob, why HJT thinks files are missing. They'll still be there. Teatimer, if it's in startup / running can block programs from installing / working properly. Everything else looks fine (there's not much else in the log for it to lag)!

I know some mobo chipsets can make you lag. I had one, it was so bad it took 30 secs - 1 min+ for anything to move. In the end I biffed the mobo. It may be sidebar, it can be a memory hog. It may pay to install some kind of AV program. Spybot won't protect you from everything.

powerover
10-10-2010, 09:24 AM
If this is 64 bit, it's either not compat with HJT. Or it's a permission prob, why HJT thinks files are missing. They'll still be there. Teatimer, if it's in startup / running can block programs from installing / working properly. Everything else looks fine (there's not much else in the log for it to lag)!

I know some mobo chipsets can make you lag. I had one, it was so bad it took 30 secs - 1 min+ for anything to move. In the end I biffed the mobo. It may be sidebar, it can be a memory hog. It may pay to install some kind of AV program. Spybot won't protect you from everything.

i dnt use any gadgets or anything (sidebar is a gadget right?), i try my best to keep everything lean and mean.....

i have been going without AV for aaaaages, maybe im heavily infected....maybe thats whats causing the lags.. :P

what is a good free AV again?? i liked the user interface of AVG but none of you guys like it..tried some others, dnt like any of them, then i jst gave up....:annoyed:

oh and how did you learn how to read the logs??? it sort of kind of sort of make sense to me, but i couldn't understand everything and knw what everything does.....:(

thanks speedy :D

Speedy Gonzales
10-10-2010, 10:12 AM
The log just shows a list of programs you've installed. If you know what they are, (and that you installed them) they're fine.

The rest of the entries are usually services (for whatever programs), and windows.

And the bho entries are installed (usually by programs you install, like toolbars). Altho, some spyware / malware may also install them.

And the startup entries are from programs you install (and by malware). It's the startup entries you have to watch / be careful of, if it's malware / trojans etc.

Because once the file for it runs, it can cause damage. If you're not sure what a file is (in startup), you check Google :p
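
A small parser for the log format discussed in this thread, added here as an example and not part of any poster's reply or of HijackThis itself. It groups entries by section code and separates `(file missing)` results under `System32` from the rest; on 64-bit Windows a 32-bit process that opens `System32` is redirected to `SysWOW64`, which is why those files look absent to HijackThis. The 64-bit check (`Program Files (x86)` or `SysWOW64` appearing in the log) and the note strings are assumptions of this example.

```python
import re

# What each HijackThis section code lists (short summary written for this example).
SECTIONS = {"R": "IE start/search page", "F": "ini/Winlogon autostart",
            "O2": "browser helper object", "O4": "startup entry",
            "O9": "IE extra button/menu item", "O23": "service"}
ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
SYSTEM32 = re.compile(r"[A-Z]:\\Windows\\System32\\", re.IGNORECASE)

# Six lines copied from the log posted at the top of this thread.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

def parse_log(text):
    """Return (is_64bit, entries); each entry has code, section, body and note."""
    # Assumption of this example: these two paths only appear on 64-bit Windows.
    is_64bit = "Program Files (x86)" in text or "SysWOW64" in text
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m["code"], m["body"]
        section = SECTIONS.get(code) or SECTIONS.get(code[0], "other")
        note = ""
        if body.endswith("(file missing)"):
            if is_64bit and SYSTEM32.search(body):
                # A 32-bit scanner is redirected from System32 to SysWOW64.
                note = "likely WOW64 redirection; recheck with a 64-bit tool"
            else:
                note = "not found at this path; check where the file really is"
        elif code == "O4":
            note = "runs at logon; confirm you installed it"
        entries.append({"code": code, "section": section, "body": body, "note": note})
    return is_64bit, entries

if __name__ == "__main__":
    is_64bit, entries = parse_log(SAMPLE)
    print("64-bit Windows:", is_64bit)
    for e in entries:
        print(f"{e['code']:<4}{e['section']:<24}{e['note'] or 'no note'}")
```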

LynX
10-10-2010, 12:19 PM
MSI Afterburner... Could it be overclocking that makes the system unstable?

Just wondering.

Speedy Gonzales
10-10-2010, 12:22 PM
It can I suppose. I don't know what that does, so didn't know it can let you overclock

LynX
10-10-2010, 12:36 PM
The name got my attention.
http://event.msi.com/vga/afterburner/
It's a graphics overclocker, though.

Also, I've been fooling around with EasyTune on my P4 1.8G computer, and at one time it felt like running XP on a calculator: you can't even call it "lag" because it's more like a slideshow, at 1 frame per second. But that's a bit extreme, though...

Anyway, have you opened HJT "as administrator"?

powerover
10-10-2010, 02:09 PM
The log just shows a list of programs you've installed. If you know what they are, (and that you installed them) they're fine.

The rest of the entries are usually services (for whatever programs), and windows.

And the bho entries are installed (usually by programs you install, like toolbars). Altho, some spyware / malware may also install them.

And the startup entries are from programs you install (and by malware). It's the startup entries you have to watch / be careful of, if it's malware / trojans etc.

Because once the file for it runs, it can cause damage. If you're not sure what a file is (in startup), you check Google :p

oh....not too difficult to understand after all...

thnks speedy. :D

powerover
10-10-2010, 02:11 PM
MSI Afterburner... Could it be overclocking that makes the system unstable?

Just wondering.

i am using afterburner as a GPU monitoring tool. because it gives me the option of using user defined GPU fan rpm profile, which quiets my pc down when im not gaming. :D

powerover
10-10-2010, 02:13 PM
It can I suppose. I don't know what that does, so didn't know it can let you overclock

u can use it to over clock stuff, quite a powerful, clean and mean program.....u got to knw what you are doing tho, it lets u tweak the GPU core voltage, can fry the GPU if not careful..

powerover
10-10-2010, 02:15 PM
The name got my attention.
http://event.msi.com/vga/afterburner/
It's a graphics overclocker, though.

Also, I've been fooling around with EasyTune on my P4 1.8G computer, and at one time it felt like running XP on a calculator: you can't even call it "lag" because it's more like a slideshow, at 1 frame per second. But that's a bit extreme, though...

Anyway, have you opened HJT "as administrator"?

i thought i am the only admin on my computer? will do so tonight and see what happens.

i tried easytune before....i reckon it is not as good as msi-afterburner :D

anyway, my pussy powersupply doesn't allow overclocking 2 graphic cards.... :(