Bowler Posted June 19, 2010

Hi Guys, Could someone please have a look at my hijackthis log. I have recently had a few problems with the start up which have now been sorted out. The pc is working ok at the moment. If there is anything that shouldn't be there I would appreciate your letting me know. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:11:18, on 19/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\nvsvc32.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\WINDOWS.1\system32\spoolsv.exe
C:\WINDOWS.1\system32\dldncoms.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS.1\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS.1\Explorer.EXE
C:\WINDOWS.1\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS.1\system32\RUNDLL32.EXE
C:\WINDOWS.1\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS.1\system32\SearchIndexer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.1\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.1\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.1\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.1\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.1\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.1\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.1\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.1\system32\browseui.dll
O23 - Service: dldnCATSCustConnectService - Unknown owner - C:\WINDOWS.1\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe
O23 - Service: dldn_device - - C:\WINDOWS.1\system32\dldncoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS.1\system32\nvsvc32.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 5803 bytes

Starbuck Posted June 19, 2010

Hi Bowler, you don't seem to have a lot of luck with your hosts file do you?

Download HostsXpert.zip
Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
Double-click HostsXpert.exe to run the program.
Click "Make Hosts Writable?" in the upper left corner (only if available).
Click "Restore Microsoft's Hosts file" and then click "OK".
Click the X to exit the program.

Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Run HijackThis again, click scan, and put a checkmark next to this item.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Realtek AC97 Audio - Event Monitor. "Spyware" file used to surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers.

Then close all other windows, browsers etc. (you should only see HijackThis on your Desktop) and click the Fix Checked button. Reboot your computer to complete the process.

Apart from that, everything looks ok.

Member of: UNITE

Bowler Posted June 20, 2010

Thanks Starbuck, I do seem to have a lot of trouble with this pc. Unfortunately there are two other people who use it that are not really as pc literate as me and they tend to go into sites they shouldn't even though I've told them how to be safe.

The pc seems to be ok now, but before I posted here, it would not boot up, I could not get into safe mode, all I had was a blue desktop with no icons and I couldn't get the classic view in the control panel. I got some help from pc plodder to get it up and running and he suggested that I send the HijackThis log because he thought it looked suspicious.

Thanks to him and yourself I am now up and running again (until the next time!!!)

Thanks once again, much appreciated.

Starbuck Posted June 20, 2010

It's no trouble at all Bowler,

"Unfortunately there are two other people who use it that are not really as pc literate as me and they tend to go into sites they shouldn't even though I've told them how to be safe."

That's always a big drawback. We are always here if you have any further problems.

Member of: UNITE