Text only | Text with Images

LandzDown Forum

Security => Analysis and Malware Removal => Topic started by: Ghost on February 05, 2008, 05:37:02 PM

Title: my new sys hjt
Post by: Ghost on February 05, 2008, 05:37:02 PM
hi all,
although i dont care for laptops i was given one yesterday. its a clean install and i would like someone to take a quick look and see if anything should be removed or is there anything i can remove just to clean up the log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:20 AM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\sysstability\tsyssmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202092488738
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 4403 bytes

thanks,
G
Title: Re: my new sys hjt
Post by: winchester73 on February 05, 2008, 06:17:50 PM
"Clean install" ... wonder what happened to Real Player:

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Log looks OK to me.   :D
Title: Re: my new sys hjt
Post by: Ghost on February 05, 2008, 06:43:47 PM
hi winchester73,
i fixed the 09 extra button.
as to where realplayer is, i uninstalled/cleaned up several progs i would not be using before posting the hjt log. ya i got in a hurry  :). next time ill leave all progs installed before i post a hjt log, under these circumstances. sorry.
thanks, for your quick reply :)
G
Title: Re: my new sys hjt
Post by: Paddy on February 05, 2008, 06:54:24 PM
Ghost update the java >>> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

Should be >>>  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

Also   Visit http://secunia.com/software_inspector/


Paddy... :thumbsup:
Title: Re: my new sys hjt
Post by: Ghost on February 05, 2008, 07:42:35 PM
hi paddy,
i was just at secunia early this morn and updated the java. why is it showing an out of date java now? you know......i had this same thing in this hjt log:
http://www.landzdown.com/index.php?topic=22262.0
i even went back to secunia and updated again with the machine in the link above.;-(.
must be something wrong with the guy behind the keyboard;-D
G
Title: Re: my new sys hjt
Post by: Paddy on February 05, 2008, 07:53:40 PM
Hi Ghost Hmmm you could try this >>> :)

Can you check within the java consol that the older version isn't listed and the latest one is highlighted? Then click apply then ok, if the old version is there highlight right click and select remove. Then go to add remove programes and remove the old version from there
assuming its ther..  :thumbsup:

This might help..
JavaVideo.flv (http://s32.photobucket.com/player.swf?refURL=/&file=http://vid32.photobucket.com/albums/d32/Padd_y/JavaVideo.flv&fs=1&os=1&ap=1)


Paddy.. :Hammys pint:
Title: Re: my new sys hjt
Post by: Paddy on February 05, 2008, 07:55:41 PM
Ghost the video I posted is there just that for the moment Photo bucket is down ... :stupid: Photobucket Site Maintenance



Paddy... :wub:
Title: Re: my new sys hjt
Post by: Ghost on February 06, 2008, 01:04:43 AM
hi paddy,
ok ive got the update. it was operator error but now all is well in ghostville :D
thanks for your help :thumbsup:
G
Title: Re: my new sys hjt
Post by: Paddy on February 06, 2008, 01:15:53 AM
Glad you got it sorted Ghost ... :mitch:

Paddy... :Hammys pint:
Text only | Text with Images