Another HijackThis



Driftwood
06-05-2009, 03:59 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:19 p.m., on 6/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bert\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238923493469&h=7a523ebe2f9bb575683de72228ad9ad7/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4201 bytes
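An added example, not part of the original thread: a first-pass triage of a HijackThis log like the one above. It counts entries per section, lists the `O4` autostart commands, and flags `O23` services that HijackThis marked `Unknown owner` or `(file missing)`. The function names are illustrative and the sample is an excerpt of the posted log.

```python
import re
from collections import Counter

# Excerpt of the log posted above (six of its entries, copied unchanged).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 body: "<hive>\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
MISSING = "(file missing)"

def parse_entries(log_text):
    """Yield (section_code, body) for each entry line; headers are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def triage(log_text):
    """Return (counts per section, O4 autoruns, flagged O23 services)."""
    counts, autoruns, findings = Counter(), [], []
    for code, body in parse_entries(log_text):
        counts[code] += 1
        if code == "O4":
            m = RUN_RE.match(body)
            if m:
                autoruns.append((m.group("hive"), m.group("name"), m.group("cmd")))
        elif code == "O23" and body.startswith("Service: "):
            # Split from the right: service display names may contain " - ".
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            missing = path.endswith(MISSING)
            if missing or owner == "Unknown owner":
                findings.append({"service": name, "owner": owner,
                                 "path": path.replace(MISSING, "").strip(),
                                 "file_missing": missing})
    return counts, autoruns, findings

if __name__ == "__main__":
    counts, autoruns, findings = triage(SAMPLE_LOG)
    print(dict(counts), autoruns, findings, sep="\n")
```

A flagged service is a leftover registration to review, not a verdict; here it is the getPlus(R) Helper entry whose executable no longer exists.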

inphinity
06-05-2009, 04:21 PM
What is the issue you're having? Spyware Terminator is the only sus thing I can see with a quick glance.

Speedy Gonzales
06-05-2009, 04:27 PM
This doesn't have to be in startup

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O13 - Gopher Prefix:

Uninstall ALL previous versions of Java, and leave the latest installed

Driftwood
06-05-2009, 05:29 PM
Thanks for that.
Issues, freezing occasionally when online. Also slower than normal to load some pages.
This has been noticed since the latest IE8 update.

Speedy Gonzales
06-05-2009, 05:36 PM
I would uninstall Adobe Reader, it's full of holes. Install something smaller, like Foxit

Blam
06-05-2009, 06:35 PM
Thanks for that.
Issues, freezing occasionally when online. Also slower than normal to load some pages.
This has been noticed since the latest IE8 update.

IE8 uses a new web standard, so some sites may load slower and even not load at all!

Give Firefox a whirl and see if it fixes the problem.

[Also, IE8 is supposed to be the fastest browser currently]

Blam

wainuitech
06-05-2009, 06:43 PM
What is the issue you're having? Spyware Terminator is the only sus thing I can see with a quick glance.

Nothing wrong with Spyware Terminator - it's a VERY good antispyware program that finds more infections than Malwarebytes and Spybot put together.

inphinity
06-05-2009, 06:46 PM
Nothing wrong with Spyware Terminator - it's a VERY good antispyware program that finds more infections than Malwarebytes and Spybot put together.

Interesting, I've tried it on two PCs and on both occasions they failed to boot correctly after installing it :X

Might have just been coincidental, maybe I will give it another shot.

wainuitech
06-05-2009, 06:48 PM
Thanks for that.
Issues, freezing occasionally when online. Also slower than normal to load some pages.
This has been noticed since the latest IE8 update.

Run a full manual Windows Update - sounds a lot like several customers' PCs I have at the moment, and see a lot of. Windows updates, if they are downloading and you don't know it, can cause this problem.

To check - since it's Vista. Click the Start Orb, type in update
From the results, click Windows Update - top left, click "Check For Updates" - see what it locates.

wainuitech
06-05-2009, 06:51 PM
Interesting, I've tried it on two PCs and on both occasions they failed to boot correctly after installing it :X

Might have just been coincidental, maybe I will give it another shot.

I and several other techs here use it every day with no problems. You don't install the Crawler toolbar, OR activate the inbuilt AV - for an AV you are much better off using Avast (free) or, if you want a paid better one, Nod32.

Only time I have personally had problems with it is if the system is damaged or unstable to start with.

Driftwood
06-05-2009, 08:46 PM
Thank you.
Have installed all the available updates.
Were only recommended & optional ones available.
Update was already set to install important ones.
I'll see how that goes 1st before making any other changes.

wainuitech
06-05-2009, 10:17 PM
Sometimes the actual problem is very obvious - click on the Start button, type in performance. From the results, click on Reliability and Performance Monitor. On the left, under Monitoring Tools, click on Reliability Monitor; there you will see a graph - where there was a problem, it will show a red circle with a white X, and the fault will show below.

"Sometimes" it's quite obvious what has happened, other times you go "yeah I know that" - if that's the case, take note of the day/time of the event, close that window, click Start, type in eventvwr and click it to open from the results. On the left, under Windows Logs, expand out Application - locate the time and day; there should be a fault/error there. Once found, double click to open it and copy/paste the complete error message back here.

( You have to use Ctrl + C to copy, then right click/Paste or Ctrl + V)

If there is no fault in the Application log at the time, look in System Log.

EXAMPLE ONLY of an error message - this is when FF spat the dummy and threw its toys away then froze on this PC.
Faulting application firefox.exe, version 1.9.0.3399, time stamp 0x49f1091d, faulting module FOXITR~1.OCX, version 1.0.0.1, time stamp 0x495057f6, exception code 0xc0000005, fault offset 0x00002c8e, process id 0x464, application start time 0x01c9cdc9459e27f0
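An added example, not part of the original thread: decoding the fields of a "Faulting application" message like the one quoted above. It treats the two `time stamp` values as Unix-epoch build timestamps and `application start time` as a Windows FILETIME (100 ns ticks since 1601-01-01 UTC); the function name and the short NTSTATUS table are illustrative.

```python
import re
from datetime import datetime, timedelta, timezone

# The error text quoted in the post above, copied unchanged.
EVENT_TEXT = (
    "Faulting application firefox.exe, version 1.9.0.3399, time stamp 0x49f1091d, "
    "faulting module FOXITR~1.OCX, version 1.0.0.1, time stamp 0x495057f6, "
    "exception code 0xc0000005, fault offset 0x00002c8e, process id 0x464, "
    "application start time 0x01c9cdc9459e27f0")

HEX = r"0x[0-9a-fA-F]+"
EVENT_RE = re.compile(
    rf"Faulting application (?P<app>[^,]+), version (?P<app_ver>[^,]+), "
    rf"time stamp (?P<app_ts>{HEX}), faulting module (?P<module>[^,]+), "
    rf"version (?P<mod_ver>[^,]+), time stamp (?P<mod_ts>{HEX}), "
    rf"exception code (?P<code>{HEX}), fault offset (?P<offset>{HEX}), "
    rf"process id (?P<pid>{HEX}), application start time (?P<start>{HEX})")

# A few common NTSTATUS exception codes (not an exhaustive list).
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_fault(text):
    """Return the message's fields with hex values decoded, or None."""
    m = EVENT_RE.search(text)
    if not m:
        return None
    code = int(m.group("code"), 16)
    ticks = int(m.group("start"), 16)  # FILETIME: 100 ns units
    return {
        "app": m.group("app"), "app_version": m.group("app_ver"),
        "module": m.group("module"), "module_version": m.group("mod_ver"),
        "app_built": datetime.fromtimestamp(int(m.group("app_ts"), 16), timezone.utc),
        "module_built": datetime.fromtimestamp(int(m.group("mod_ts"), 16), timezone.utc),
        "exception": NTSTATUS.get(code, hex(code)),
        "fault_offset": int(m.group("offset"), 16),
        "pid": int(m.group("pid"), 16),
        "started": FILETIME_EPOCH + timedelta(microseconds=ticks // 10),
    }

if __name__ == "__main__":
    for key, value in parse_fault(EVENT_TEXT).items():
        print(f"{key:15} {value}")
```

The faulting module plus offset is the detail worth searching on or reporting; here the access violation occurred inside the Foxit plugin module rather than in firefox.exe itself.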

Driftwood
07-05-2009, 10:38 AM
Just checked the reliability monitor & as you say the problems were shown. Quite a handy thing, will keep an eye on it if something else happens.
The event viewer only had warnings so I won't worry about putting them in here at this stage.
Seems to be all good today.
Thanks for your help