Thread: HJT

  1. #1
    Senior Member
    Join Date
    Dec 2004
    Location
    Christchurch
    Posts
    2,437

    Default HJT

    Earlier thread closed.

    Certainly miss Speedy on this, but help may still be out there.

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 2:50:02 p.m., on 26/01/2021
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    CHROME: 51.0.2704.103

    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\1.3.36.52\GoogleCrashHandler.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Everything\Everything.exe
    C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
    C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\explorer.exe
    H:\My Documents from NEC\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
    O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
    O4 - HKLM\..\Run: [Restoro] "C:\Program Files\Restoro\bin\RestoroApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Express Accounts Accounting Software (ExpressAccountsService) - Unknown owner - C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google LLC - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google LLC - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
    O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
    O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe

    --
    End of file - 6136 bytes

    Appreciate what needs deleting.

    Have run all the CC, MWB, SuperAnti crap removers.

    Had the ram replaced on this XP SP3 machine, I use it for genealogy to laptop from the larger screen.

    Greta would be very pleased I don't replace to the latest thing available. rofl.

    lurking.

  2. #2
    Computer Technician wainuitech's Avatar
    Join Date
    Aug 2007
    Location
    Wellington
    Posts
    28,117

    Default Re: HJT

    From manually inspecting what I can see, it's OK. The only thing I wasn't sure about was "C:\Program Files\Restoro\bin\RestoroApp.exe", but looking it up, it's some sort of System Repair Scanner.

    The majority of the log analyzers have not been updated in years. One reason is that Windows changes so much they can't keep up, and the old analyzers (most are from XP days) either don't know, or mark legit files as bugs.

  3. #3
    Senior Member piroska's Avatar
    Join Date
    Dec 2017
    Location
    With Kim-Jong-Mum
    Posts
    3,081

    Default Re: HJT

    What's this?

    C:\Program Files\Everything\Everything.exe
    Ex-pctek

  4. #4
    Senior Member 1101's Avatar
    Join Date
    Jan 2008
    Posts
    7,107

    Default Re: HJT

    Quote Originally Posted by piroska View Post
    What's this?

    C:\Program Files\Everything\Everything.exe

    It's a 3rd party search tool.

    Anyway, can Panda AV & Superantispyware co-exist happily?
    I would uninstall or disable one of them.

  5. #5
    Senior Member Lawrence's Avatar
    Join Date
    Dec 2005
    Location
    Tauranga
    Posts
    2,036

    Default Re: HJT

    Would also pay to run AdwCleaner through if not already done

    https://www.malwarebytes.com/adwcleaner/

  6. #6
    Senior Member
    Join Date
    Nov 2006
    Posts
    1,968

    Default Re: HJT

    Everything is a great search tool

  7. #7
    Senior Member
    Join Date
    Dec 2004
    Location
    Christchurch
    Posts
    2,437

    Default Re: HJT

    Thanks everyone and I forgot to run AdwCleaner, it's out there on H drive's back-ups.

    Bevy121, Everything is a very fast search program.

    lurking.

  8. #8
    Computer "Specialist" Agent_24's Avatar
    Join Date
    Dec 2004
    Location
    64 Bitville
    Posts
    14,305

    Default Re: HJT

    I love Everything, not just because it breaks English when trying to refer to it...

    For Linux, there's a clone of Everything, called fsearch: https://github.com/cboxdoerfer/fsearch
    Non-system disk or disk error. Replace and strike any key when ready.
