Results 1 to 4 of 4
  1. #1

    Default Hijackthis LOG file

    I havent been here in a long time but if Speedy is still here i could do with some help...even my system restore doesnt work

    Anyway here is my log file..

    Logfile of HijackThis v1.99.1
    Scan saved at 14:27:11, on 04/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\Program Files\ewido anti-malware\ewidoctrl.exe
    D:\Program Files\ewido anti-malware\ewidoguard.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\CTHELPER.EXE
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    D:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe
    D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.ex e
    C:\BACK UP\APPS\ANTI VIRUS SPYWARE ETC\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.play.yahoo.com/games/login?game=Chess
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.play.yahoo.com/games/login?game=Chess
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonelabs.com/downloadr...qId=1032765084
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Active Desktop Calendar] D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{13227630-A0D4-46EF-B627-9DADF7772068}: NameServer = 212.135.1.36 195.40.1.36
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - D:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

  2. #2
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: Hijackthis LOG file

    Run HJT again tick these entries and tick fix checked. Close browser/s.

    None of these are nasty tho.

    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe - uninstall this and ALL previous versions of Sun Java. Get the update in the link in my sig below.

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

    You sure System Restore is on??

  3. #3

    Default Re: Hijackthis LOG file

    system restore is definately on

    My taskbar/start menu etc has vanished now too


    Is there a list of hijackthis baddies anywhere on the net ?


    Latest log file..

    Logfile of HijackThis v1.99.1
    Scan saved at 09:25:02, on 05/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\Program Files\ewido anti-malware\ewidoctrl.exe
    D:\Program Files\ewido anti-malware\ewidoguard.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\system32\CTHELPER.EXE
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    D:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe
    D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    D:\PROGRA~1\Grisoft\AVG7\avgw.exe
    D:\Program Files\Opera\Opera.exe
    D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.ex e
    D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    D:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
    D:\WINDOWS\System32\msiexec.exe
    C:\BACK UP\APPS\ANTI VIRUS SPYWARE ETC\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.play.yahoo.com/games/login?game=Chess
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.play.yahoo.com/games/login?game=Chess
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonelabs.com/downloadr...qId=1032765084
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Active Desktop Calendar] D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{13227630-A0D4-46EF-B627-9DADF7772068}: NameServer = 212.135.1.36 195.40.1.36
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - D:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

  4. #4
    --:-- Murray P's Avatar
    Join Date
    Dec 2004
    Location
    Welly
    Posts
    2,961

    Default Re: Hijackthis LOG file

    Quote Originally Posted by Speedy Gonzales View Post
    Run HJT again tick these entries and tick fix checked. Close browser/s.

    None of these are nasty tho.

    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe - uninstall this and ALL previous versions of Sun Java. Get the update in the link in my sig below.

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

    You sure System Restore is on??
    Gidday Speedy. Those are all legit files are they not, albeit not necessary to the smooth running of the system when not required and resource hogs to boot, but would they not be better disabled through their settings?

    BTW, I'd also tend to nix from startup Real and CThelper.
    Last edited by Murray P; 05-02-2007 at 10:19 PM.

Similar Threads

  1. hijackthis
    By sk69ersnz in forum PressF1
    Replies: 18
    Last Post: 10-08-2008, 04:20 PM
  2. Replies: 6
    Last Post: 19-07-2008, 07:13 AM
  3. Speedy, hijackthis file??
    By Faded_Mantis in forum PressF1
    Replies: 3
    Last Post: 02-10-2007, 02:37 PM
  4. Help with hijackthis file
    By kale in forum PressF1
    Replies: 6
    Last Post: 22-08-2007, 03:00 PM
  5. Hijackthis Log File.
    By Poppa John in forum PressF1
    Replies: 14
    Last Post: 22-12-2006, 03:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •