Steve Posted September 11, 2011 Author Share Posted September 11, 2011 OK, you should fix these two, but make sure a web browser isn't open when you do it: - O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O3 - Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file) They're not nasties or anything. They're just left over from some toolbars that you've since removed. You can fix both of these if you like. They're not infected files either, but they're just useless and don't need to start up when the computer starts: - O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe" This looks suspect to me, although it may not be: - O4 - HKCU\..\Run: [Facebook Update] "D:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver Have you installed any software related to Facebook? Perhaps something to use for audio/video chat? Other than that file, which may well be legit, your log looks clean. Quote Link to comment Share on other sites More sharing options...
chile Posted September 11, 2011 Share Posted September 11, 2011 thanks man i did everything cept for the facebook update which i think is to do with the video chat service they have in the chat window thingy. thanks again im gonna run another scan just incase, that spyware gen thing scared me as i had to ignore it to continue the scan, nothing else worked Quote Link to comment Share on other sites More sharing options...
Steve Posted September 11, 2011 Author Share Posted September 11, 2011 No worries mate. If you run another scan and it detects that spyware gen thing again, have a look where the file is located. As it couldn't be cleaned, chances are it might be stored in the area set aside for system restore. If that's the case, turn system restore off, reboot, then turn system restore back on and create a new restore point. Quote Link to comment Share on other sites More sharing options...
chile Posted September 11, 2011 Share Posted September 11, 2011 it didnt pick anything up the second time i think im still gonna do that though just to be safe.. i think in first scan it didnt pick it up either, it was only in the boot scan that it detected the spyware gen files. thanks a lot anyhow, thats a load off me mind Quote Link to comment Share on other sites More sharing options...
dissonance Posted September 23, 2011 Share Posted September 23, 2011 Steve, you mind helping a brother out? Logfile of HijackThis v1.99.1Scan saved at 8:22:03 PM, on 9/22/2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\AMT\atchk.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\ATI Technologies\ATI.ACE\CLI.EXEC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\DAEMON Tools Lite\DTLite.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Intel\AMT\atchksrv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\Program Files\Intel\AMT\LMS.exeC:\Program Files\Intel\AMT\UNS.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14676R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLLO2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLLO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUNO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorunO8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htmO8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htmO8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [iNTERNATIONAL] InternationalO17 - HKLM\System\CCS\Services\Tcpip\..\{2DF4A432-F922-4319-8399-B0BA77977894}: NameServer = 208.67.222.222,208.67.220.220O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dllO18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLO20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exeO23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exeO23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe thanks in advance! Quote Link to comment Share on other sites More sharing options...
Steve Posted September 23, 2011 Author Share Posted September 23, 2011 Your home page is Ask Jeeves? What is this man, 1995? The log looks fine to me. Are you having any particular problems with the computer? You're running an out of date version of HijackThis BTW. You can get the latest version from Trend MIcro's site here: - http://uk.trendmicro.com/uk/products/personal/free-tools-and-services/ Quote Link to comment Share on other sites More sharing options...
dissonance Posted September 23, 2011 Share Posted September 23, 2011 LOL!!!! I can't really explain that, to be honest. I've never used IE other than to update Windows, so I can't really account for that. I'ma download the latest version and repost the log, just in case. and yeah...I was worried about it...it's been stalling out a little bit when browsing and starting apps. Quote Link to comment Share on other sites More sharing options...
dissonance Posted September 23, 2011 Share Posted September 23, 2011 new one.... Logfile of Trend Micro HijackThis v2.0.4Scan saved at 8:49:19 PM, on 9/22/2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Intel\AMT\atchk.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\ATI Technologies\ATI.ACE\CLI.EXEC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\DAEMON Tools Lite\DTLite.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Intel\AMT\atchksrv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\Program Files\Intel\AMT\LMS.exeC:\Program Files\Intel\AMT\UNS.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14676R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLLO2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLLO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUNO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorunO8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htmO8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htmO8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{2DF4A432-F922-4319-8399-B0BA77977894}: NameServer = 208.67.222.222,208.67.220.220O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exeO23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exeO23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe --End of file - 7187 bytes Quote Link to comment Share on other sites More sharing options...
Steve Posted September 23, 2011 Author Share Posted September 23, 2011 That looks 100% clean to me man. It's a tough one to diagnose, unless you can pinpoint the issues starting at a certain time that coincides with you installing new software, drivers or whatever. You could try a chkdsk /r on your drive (although with the /r switch, it takes fucking ages to run, so do it while you're asleep or something). You could also try running MemTest86+ just to give your RAM the once over. Sometimes a fresh OS install can cure weird little problems like that, although it's a bit of a drastic measure if you don't have backups of everything and it also may not cure the problem. Quote Link to comment Share on other sites More sharing options...
dissonance Posted September 23, 2011 Share Posted September 23, 2011 right on man! I appreciate the help. Maybe I'll just double the RAM and call it a night. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.