pc plodder Posted July 23, 2008 Posted July 23, 2008 Hi, My first post here so please excuse me if i've posted it in the wrong section as i have a couple of posts to do concerning different things going on with my P.C Below is my Hijackthis log. I am rather concerned with the entries HKUS as i've never seen them before. As far as i'm aware my system is clean. I have ESET business antispy,antivirus and firewall on board and that cdomes up with nothing. I've also done an online scan with Panda and that's clean also. If some member could cast a quick eye over the log to check if anything is amiss and advise me what to do about it. FYI I am a beginner at P.Cs' I know some terms and have a little knowledge but for more of what i call techie stuff i'm stumped. i.e I know what BIOS is but as for poking around in there....forget it, i wouldn't know where to start. Hope that gives you some indication of my level of comitence:o Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:01:38, on 21/07/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\Program Files\VoyagerTest\fts.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\LiveUpdate\LiveUpdate.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\AOL 9.0\aoltray.exe C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1216066570\ee\AOLSoftware.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Stevie" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216141449140 O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 5743 bytes Quote
Goku Posted July 23, 2008 Posted July 23, 2008 (edited) Hello and Welcome to Extreme Tech Support - Free PC Help Steve. :) We have briefly removed assistance for HijackThis logs as mentioned in this Sticky. Sorry for the inconvenience caused. I am no expert at analyzing the logs but it seems there are some orphaned entries. I recommend you to go to the HijackThis website and post your log if you need immediate assistance. Malware Removal - Website Home Page Please feel free to ask any more questions or doubts you may have. :) -- Goku Edited July 23, 2008 by Goku Quote
Dalo Harkin Posted July 23, 2008 Posted July 23, 2008 Hi, My first post here so please excuse me if i've posted it in the wrong section as i have a couple of posts to do concerning different things going on with my P.C Below is my Hijackthis log. I am rather concerned with the entries HKUS as i've never seen them before. As far as i'm aware my system is clean. I have ESET business antispy,antivirus and firewall on board and that cdomes up with nothing. I've also done an online scan with Panda and that's clean also. If some member could cast a quick eye over the log to check if anything is amiss and advise me what to do about it. FYI I am a beginner at P.Cs' I know some terms and have a little knowledge but for more of what i call techie stuff i'm stumped. i.e I know what BIOS is but as for poking around in there....forget it, i wouldn't know where to start. Hope that gives you some indication of my level of comitence:o Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:01:38, on 21/07/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\Program Files\VoyagerTest\fts.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\LiveUpdate\LiveUpdate.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\AOL 9.0\aoltray.exe C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1216066570\ee\AOLSoftware.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Stevie" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216141449140 O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 5743 bytes There are some instances of McAfee that you should remove I have put them in bold, other than that you have lots of AOL tasks running and BT Voyager ones too - most of them are probably unneccessary but I doubt would cause any major issues:- FYI - AOL do take over your system with all the stuff they put on your PC, just be weary of installing things from ISP's Quote Intel Q6600 @ 4Ghz (Watercooled)Asus P5K premium black pearl4GB OCZ Reaper 8500260GTX Join Free PC Help - Register here Donations are welcome - here PC Build We are all members helping other members.Please return here where you may be able to help someone else.After all, no one knows everything and you may have the answer that someone needs.
RandyL Posted July 23, 2008 Posted July 23, 2008 You said you have other issues. It would help if you could explain please. As stated AOL bundles programs. If you are having problems it may be an AOL program such as their bundled Antivirus program conflicting with Eset. AOL is partnered with Mcafee. Either way it's hard to diagnose an issue unless we know what you are experiencing. A log is not a complete diagnostic. Please let us know so we can try to help. Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
pc plodder Posted July 23, 2008 Author Posted July 23, 2008 Thanks for comming back so soon!!!! Wish my P.C was that fast GOKU Will do as you suggested...Thanks Quote
pc plodder Posted July 23, 2008 Author Posted July 23, 2008 Thanks Dalo Harkin for the reply. I have Mcafee as part of the aol broadband that i've had for years, The firewall is still on the system, should i remove the ones you highlighted? Thanks for your prompt reply Quote
pc plodder Posted July 23, 2008 Author Posted July 23, 2008 Hi RandyL Again thanks for the super quick response. I have posted the other issues in the Xp section. Since i've done a coplete reinstall of XP (see other post) all the aol stuff is what i needed to get back online. I had to install the dialbb software or i wouldn't be able to get online with them as they've migrated their network. I only have aol computer checkup installed. The spyware thing starts up but it's not installed on my system as it used to be free but now they want to charge for it and as i have ESET i don't need it. BTW it appears i may have a conflict with Mcaffe firewall as it seems not to be logging any incoming traffic. It's still on tight security but there are no events logged so maybe ESET firewall has shut it dowm?? Dunno Quote
Dalo Harkin Posted July 23, 2008 Posted July 23, 2008 If you have more than one AV or Firewall program they conflict - ONLY EVER RUN ONE OF EACH. Quote Intel Q6600 @ 4Ghz (Watercooled)Asus P5K premium black pearl4GB OCZ Reaper 8500260GTX Join Free PC Help - Register here Donations are welcome - here PC Build We are all members helping other members.Please return here where you may be able to help someone else.After all, no one knows everything and you may have the answer that someone needs.
pc plodder Posted July 23, 2008 Author Posted July 23, 2008 Thanks for that Dalo Harkin Should i uninstall Mcaffe then? What about Xp firewall, should i disable that as well? Thanks Quote
Dalo Harkin Posted July 23, 2008 Posted July 23, 2008 If you have ESET firewall disable McAfee and Windows Firewalls Quote Intel Q6600 @ 4Ghz (Watercooled)Asus P5K premium black pearl4GB OCZ Reaper 8500260GTX Join Free PC Help - Register here Donations are welcome - here PC Build We are all members helping other members.Please return here where you may be able to help someone else.After all, no one knows everything and you may have the answer that someone needs.
pc plodder Posted July 23, 2008 Author Posted July 23, 2008 Thanks Dalo Harkin. Will do as you advised Regards Steve and thatks again for your interest in my post Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.