Need Help With This Hjt Log Please.



#1 airaced57


Posted 18 October 2005 - 07:01 PM

I would greatly appreciate your advice as to which items in the following log may be causing my pc to act erratically and can be safely deleted.
My pc has been hanging up frequently, programs have not been responding and numerous scans with my anti-spyware and anti-virus programs have been negative so is it possible my pc has been hijacked? Thank you in advance.

Logfile of HijackThis v1.99.1
Scan saved at 7:00:20 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Calendar 200X Reminder] C:\Program Files\Calendar 200X\calendar.exe notes
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Answers... - blank
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} - http://threatlevel.pcsecurityshield.com/control/avxnew.dll
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} - https://webresponse.one.microsoft.com/oas/A...eX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe



#2 Papakid


Posted 25 October 2005 - 12:56 PM

Hi airaced57,

I don't see any malware in your log. The instability you are experiencing is most likely due to too many protection softwares running at once. You have two antivirus applications running. They usually conflict and cause all sorts of problems that will actually reduce your security. Although you can run more than one if you just use the scanners, it is still not a good idea. AV's are all heavy on resources and if you want a second opinion, use the free online scans, which I see you have run several of.

You can also be overprotected with the anti-spyware and other security programs. Again, more than one scanner is OK, if you run them one at a time, in fact that is recommended. But most of these applications now have protection mechanisms that occasionally don't get along with one another. I suggest you lean up your system by eliminating protection modules you don't need and eliminate possible conflicts.

My recommendations:

1. Choose between AVG and Antivir. Keep one and uninstall the other.

2. Keep the Microsoft AntiSpyware protection enabled and uninstall SpywareGuard. I'm not familiar with the Trend Micro anti-spyware app, but I would suggest you go into the program's options and disable the protection it affords also. Later if any of the programs you disable seems to clear up the performance problem, you can try enabling it again if you like.

3. Keep Windows Washer and uninstall Evidence Eliminator. These programs do essentially the same thing and from what I've heard WW is the better of the two. I believe EE also has a registry cleaner--and if you have it set to clean the reg automatically this could be the source of the problem in itself. Automatic reg cleaners are notorious for hosing a system's registry as they make educated guesses and the consequences of a wrong guess could spell disaster.

Let me know what you want to do and if this helps.

The thing about people

is they change

when they walk away.--Mipso
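
The overlap check described in the reply above, as an added example that is not part of the original thread: it reads the O2, O4 and O23 sections of a HijackThis log and reports every protection category with more than one product loaded. The `PRODUCTS` table and the function name are hypothetical, and the sample lines are taken from the log in post #1.

```python
import re
from collections import defaultdict

# Sample input: a few entries taken from the log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
"""

# Hypothetical lookup table: path fragment -> (category, product), covering
# only the products named in the reply above.
PRODUCTS = {
    r"\grisoft\avg7": ("antivirus", "AVG"),
    r"\avpersonal": ("antivirus", "AntiVir"),
    r"\microsoft antispyware": ("anti-spyware", "Microsoft AntiSpyware"),
    r"\spywareguard": ("anti-spyware", "SpywareGuard"),
    r"\trend micro\tmas": ("anti-spyware", "Trend Micro Anti-Spyware"),
    r"\wwsecure.exe": ("privacy cleaner", "Windows Washer"),
    r"\evidence eliminator": ("privacy cleaner", "Evidence Eliminator"),
}

# HijackThis entries start with a section code such as "O4 - " or "O23 - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Sections that list browser helper objects, startup items and services.
AUTOSTART = {"O2", "O4", "O23"}

def overlapping_protection(log_text):
    """Return {category: sorted products} where more than one product is loaded."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group("code") not in AUTOSTART:
            continue
        body = m.group("body").lower()  # paths in the log mix upper and lower case
        for fragment, (category, product) in PRODUCTS.items():
            if fragment in body:
                found[category].add(product)
    return {c: sorted(p) for c, p in found.items() if len(p) > 1}

if __name__ == "__main__":
    for category, products in overlapping_protection(SAMPLE_LOG).items():
        print(f"{category}: {', '.join(products)}")
```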


#3 airaced57


Posted 30 October 2005 - 09:27 AM

Thanks for your advice PAPAKID. I will uninstall the programs you suggested and let you know if that solves the problem. Glad to know I don't have spyware or a virus.

