petesar
new user


Reg'd: Sun
Posts: 6
pc slowing down
      #393979 - Sun May 11 2008 12:44 PM

Hiya, I have a problem with my PC running really slow. I have run HijackThis and have found something that my friend recommended I remove, but HijackThis won't remove it, and I have saved a log of the results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:42, on 11/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F76E1D93-237A-4E93-B1B2-B1511AE92AF8} - C:\Windows\system32\yayxyayv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BMdbf49907] Rundll32.exe "C:\Windows\system32\evrndtsm.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 5043 bytes


Edited by petesar (Sun May 11 2008 12:46 PM)


ourwilly
HijackThis Helper


Reg'd: Sun
Posts: 2824
Loc: England.
Re: pc slowing down [Re: petesar]
      #393999 - Sun May 11 2008 03:38 PM

Hello petesar

Please print out these instructions or copy and paste this fix into Notepad for future reference.

Open HijackThis again, select "Do a System Scan only" and place a checkmark in the boxes before the following entries:

O2 - BHO: (no name) - {F76E1D93-237A-4E93-B1B2-B1511AE92AF8} - C:\Windows\system32\yayxyayv.dll
O4 - HKLM\..\Run: [BMdbf49907] Rundll32.exe "C:\Windows\system32\evrndtsm.dll",s

Close all other open windows and click on Fix checked, then exit HijackThis.

------------------------

Please download MalwareBytes Anti-malware (MBAM) from one of the following links:
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

    Once downloaded, close all programs and Windows on your computer (including this one.)
    Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
    When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
    MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.

    On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.
    When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results.
    Make sure all entries have a checkmark at their far left.
    Click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine.
    When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then do a File, Save and then close the Notepad window. Remember where you saved the log file, as we will want to see it later.

Please post the MBAM results and a new HijackThis log.


petesar
new user


Reg'd: Sun
Posts: 6
Re: pc slowing down [Re: ourwilly]
      #394010 - Sun May 11 2008 04:58 PM

Have done what you said, here are the results.

petesar
new user


Reg'd: Sun
Posts: 6
Re: pc slowing down [Re: petesar]
      #394012 - Sun May 11 2008 05:05 PM

Malwarebytes' Anti-Malware 1.12
Database version: 739

Scan type: Full Scan (C:\|J:\|)
Objects scanned: 102231
Time elapsed: 9 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\yayxyayv.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f76e1d93-237a-4e93-b1b2-b1511ae92af8} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f76e1d93-237a-4e93-b1b2-b1511ae92af8} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMdbf49907 (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxyayv -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxyayv -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\yayxyayv.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\vyayxyay.ini (Trojan.Vundo) -> No action taken.
C:\Windows\System32\vyayxyay.ini2 (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-193238-226.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-193313-338.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-193348-645.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-193744-328.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-193847-569.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-194250-824.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-202351-744.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-202405-946.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-211735-568.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-211936-669.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-211954-417.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080511-121942-996.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080511-163619-350.dll (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp0000fa64 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp0000fd42 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00010a3c (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp000116da (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp0001186f (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00011a34 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00011d9d (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp000120a9 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp000122ea (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00012413 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp0001271f (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00014098 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp0002274e (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00028880 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00030270 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp000929fc (Trojan.Vundo) -> No action taken.
C:\Windows\System32\evrndtsm.dll (Trojan.Agent) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:25, on 11/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 4814 bytes


ourwilly
HijackThis Helper


Reg'd: Sun
Posts: 2824
Loc: England.
Re: pc slowing down [Re: petesar]
      #394017 - Sun May 11 2008 05:33 PM

Hello petesar

You may have noticed that "No action taken" is showing in the Malwarebytes log results.

-----------------

Can you please run through the Malwarebytes' Anti-Malware instructions again...

In particular - When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results.

Make sure all entries have a checkmark at their far left.

Click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine.

ourwilly
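The "No action taken" check described in the post above can be automated. This is an added example, not part of the original thread: it parses a Malwarebytes log in the layout posted earlier, lists every item the scanner found but did not act on, and cross-checks the summary counts against the itemised entries. The sample log is abridged from the thread with its counts adjusted to match, and the function names are hypothetical.

```python
import re
from collections import Counter

# "Files Infected: 33" is a summary count; "Files Infected:" opens an item list.
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
# "<target> (<detection>) -> [Data: ... -> ]<action>."
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")

# Abridged from the log in this thread; counts adjusted to fit the excerpt.
SAMPLE = r"""Malwarebytes' Anti-Malware 1.12
Scan type: Full Scan (C:\|J:\|)

Memory Modules Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Modules Infected:
C:\Windows\System32\yayxyayv.dll (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMdbf49907 (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxyayv -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\yayxyayv.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\evrndtsm.dll (Trojan.Agent) -> No action taken.
"""


def parse_mbam_log(text):
    """Return (summary counts per section, list of itemised detections)."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            # The action is always the last "->" field; "Data: ..." may precede it.
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            items.append({"section": section, "target": m["target"],
                          "detection": m["detection"], "action": action})
    return summary, items


def unremediated(items):
    """Items that were detected but left in place."""
    return [i for i in items if i["action"].lower() == "no action taken"]


def count_mismatches(summary, items):
    """Sections whose declared count differs from the number of listed items."""
    listed = Counter(i["section"] for i in items)
    return {s: (n, listed[s]) for s, n in summary.items() if n != listed[s]}


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE)
    pending = unremediated(items)
    print(f"{len(pending)} of {len(items)} detections still need removal")
    for item in pending:
        print(f"  [{item['detection']}] {item['target']}")
    print("count mismatches:", count_mismatches(summary, items) or "none")
```
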


petesar
new user


Reg'd: Sun
Posts: 6
Re: pc slowing down [Re: ourwilly]
      #394019 - Sun May 11 2008 05:50 PM

Have done that, is all OK now.

ourwilly
HijackThis Helper


Reg'd: Sun
Posts: 2824
Loc: England.
Re: pc slowing down [Re: petesar]
      #394024 - Sun May 11 2008 05:59 PM

Hello petesar

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser - Click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you use Opera browser - Click Opera at the top and choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.


Please then post a new HijackThis log and also let me know how your system is running..


petesar
new user


Reg'd: Sun
Posts: 6
Re: pc slowing down [Re: ourwilly]
      #394025 - Sun May 11 2008 06:07 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:50, on 11/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

Edited by petesar (Sun May 11 2008 06:14 PM)
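Comparing the first log in this thread with the one above confirms that the two entries selected for "Fix checked" are gone and that nothing new took their place. This is an added example, not part of the original thread: it diffs the entry lines of two HijackThis logs and checks that files named by the removed entries are no longer mentioned anywhere in the later log. The sample logs are abridged from the thread and the function names are hypothetical.

```python
import ntpath
import re
from typing import NamedTuple

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Drive-rooted path ending in .dll or .exe; quotes are excluded so quoted paths work.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)', re.IGNORECASE)

# Abridged from the first and last HijackThis logs posted in this thread.
BEFORE = r"""Running processes:
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F76E1D93-237A-4E93-B1B2-B1511AE92AF8} - C:\Windows\system32\yayxyayv.dll
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [BMdbf49907] Rundll32.exe "C:\Windows\system32\evrndtsm.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"""

AFTER = r"""Running processes:
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"""


class Entry(NamedTuple):
    section: str  # e.g. "O2" (BHO) or "O4" (Run key / startup item)
    detail: str


def parse_entries(log_text):
    """Collect the R/F/N/O entry lines; headers and process lists are skipped."""
    entries = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.add(Entry(m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, each sorted."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def leftover_references(removed, after_text):
    """File names from removed entries that the later log still mentions,
    for example as a loaded module or under a different entry."""
    haystack = after_text.lower()
    names = {ntpath.basename(p).lower()
             for e in removed for p in PATH_RE.findall(e.detail)}
    return sorted(n for n in names if n in haystack)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.section, "-", e.detail)
    for e in added:
        print("ADDED  :", e.section, "-", e.detail)
    print("still referenced:", leftover_references(removed, AFTER) or "none")
```

Entries that appear only in the later log are worth the same scrutiny as the ones that were removed.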


ourwilly
HijackThis Helper


Reg'd: Sun
Posts: 2824
Loc: England.
Re: pc slowing down [Re: petesar]
      #394053 - Sun May 11 2008 09:28 PM

Hi petesar,

Please Update Java:
Go here and download the latest version of Java Runtime Environment (JRE) 6 Update 6
http://java.sun.com/javase/downloads/index.jsp
Go to Start > Control Panel, then double-click Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
Select any found and click Remove.
Then install the version you downloaded earlier.

Can you let me know how things are running.

ourwilly


petesar
new user


Reg'd: Sun
Posts: 6
Re: pc slowing down [Re: ourwilly]
      #394059 - Sun May 11 2008 10:14 PM

Thanks for all your help ourwilly, it's running great now mate. It's been really a pain in the bum, as it's been about a week the system has been running like crap, and I didn't know about this site until today and wish I had come here about a week ago. Once again, thank you for sorting it for me. Will come back here if it happens again, but fingers crossed it won't.

Edited by petesar (Sun May 11 2008 10:15 PM)


© Copyright IPC Media Limited, All rights reserved