 |
| Tech Support Forum Discuss computer issues, tech gadgets and hardware, operating systems, browsers, broadband and wireless, virus, trojan, and spyware help. |
|
 |
|
09-16-2006, 01:56 PM
|
#121 (permalink)
|
|
Super Moderator
Join Date: 01-15-06
Location: BTWIMHO.COM
Posts: 10,622
|
@Trap: Windows 98!!!
Unless you want it, uninstall the Alexa toolbar (considered spyware because of tracking websites).
These entries are part of the Alexa toolbar and should disappear with the uninstall. If not, delete them...
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\SYSTEM\ALXTB2.DLL
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/scri...s/sitedata.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/scri...ns/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/scri...ons/review.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/scri...ons/mailto.htm
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/scri...ons/search.htm
This one is for an HP printer. HP typically install extra software and force it to start up, even though it isn't necessary for proper operation of the printer. Remove if you wish, or don't. It's your call. Personally, I would remove it.
O4 - Startup: HP OfficeJet Series 700 StartUp.lnk = C:\Program Files\HP OfficeJet Series 700\bin\HPOstr03.exe
No actual spyware that looks harmful, but startup might go faster if the above is taken care of.
|
|
|
09-16-2006, 01:58 PM
|
#122 (permalink)
|
|
v7n Mentor
Join Date: 06-03-05
Location: New Brunswick, Canada
Posts: 835
Latest Blog: None
|
You da man
Yep. Win 98 and dial up, and I'm looking for work.
Computer is intended for spreadsheets and e-mail. I don't even have a freakin sound card.
|
|
|
09-16-2006, 02:19 PM
|
#123 (permalink)
|
|
Senior Member
Join Date: 08-04-06
Location: Ferndale, Washington
Posts: 428
Latest Blog: None
|
My HJT log :)
Well since this came up again I figured what the heck
I don't think I have ever run HJT on this laptop and I got it used like a year ago
Thanks in advance,
Jeremy
|
|
|
09-16-2006, 02:25 PM
|
#124 (permalink)
|
|
Senior Member
Join Date: 08-04-06
Location: Ferndale, Washington
Posts: 428
Latest Blog: None
|
*EDIT*
Here's my updated log, I removed some of the obvious ones
**edit** I just downloaded and am running Adaware SE for the first time on this comp since I got it like a year ago  Anyone have any better computer cleanup programs?
Last edited by WhatcomsFinest; 09-16-2006 at 02:30 PM..
|
|
|
09-16-2006, 05:43 PM
|
#125 (permalink)
|
|
Super Moderator
Join Date: 01-15-06
Location: BTWIMHO.COM
Posts: 10,622
|
@WCF: You can remove...
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
See the note in my message to Trapper above regarding this entry...
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H 1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
(It's Epson, but same thing as the HP printers)
That's about it. Nothing major in yours, either.
|
|
|
09-23-2006, 03:13 AM
|
#126 (permalink)
|
|
Super Moderator
Join Date: 05-10-04
Location: UK - Cheshire
Posts: 10,020
Latest Blog: None
|
Quote:
|
Originally Posted by Trapper
Computer is intended for spreadsheets and e-mail. I don't even have a freakin sound card.
|
Sound cards are overrated anyway.
Just do whatever you're doing and imagine what you think the sounds should be, that way, you'll always know the tune 
__________________
.: I WAS BORN WITH NOTHING...AND I STILL HAVE MOST OF IT LEFT!! :.
|
|
|
10-05-2006, 07:40 PM
|
#127 (permalink)
|
|
Super Moderator
Join Date: 10-13-03
Location: Georgia
Posts: 2,308
Latest Blog: None
|
Something's got me and no program can find it.  It affects IE and not FF, but the overall performance is down, plus I'm getting a lot of 100% CPU. Anyone who knows how to read this thing and can find a problem will be appreciated.
Thanks.
|
|
|
10-05-2006, 08:07 PM
|
#128 (permalink)
|
|
Senior Member
Join Date: 08-26-04
Location: Rio de Janeiro
Posts: 894
Latest Blog: None
|
My HJT Log
Thanks for the help guys 
|
|
|
10-10-2006, 02:12 PM
|
#129 (permalink)
|
|
v7n Mentor
Join Date: 03-09-06
Posts: 1,250
Latest Blog: None
|
would be grateful if someone could look at my bro's HJT log
Code:
Logfile of HijackThis v1.99.1
Scan saved at 21:06:02, on 10/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\program files\seekmo\seekmo.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\user\APPLIC~1\CURITY~1\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\??crosoft\w?auboot.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - URLSearchHook: (no name) - {954EE2D5-281E-74CE-1DF7-01E2E97323B3} - C:\WINDOWS\system32\mtunrhm.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C1E1187D91AF75760EA83FA5EF80752B94E2DF7D5A7C422E38C1 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll
O2 - BHO: (no name) - {954EE2D5-281E-74CE-1DF7-01E2E97323B3} - C:\WINDOWS\system32\mtunrhm.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\ZendStudioClient-4.0.2\bin\ZendIEToolbar.dll
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Bwer] "C:\DOCUME~1\user\APPLIC~1\CURITY~1\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Sxdquh] C:\WINDOWS\system32\??crosoft\w?auboot.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudioClient-4.0.2\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudioClient-4.0.2\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\ZendStudioClient-4.0.2\bin\ZendIEToolbar.dll
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\ZendStudioClient-4.0.2\bin\ZendIEToolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
|
|
|
10-10-2006, 08:00 PM
|
#130 (permalink)
|
|
Individualist
Join Date: 09-27-03
Location: Japan, mostly
Posts: 26,971
|
G10 used to look at these, no?
__________________
Individualism
The ideal form of government is democracy tempered with assassination. - Voltaire
|
|
|
10-25-2006, 12:28 PM
|
#131 (permalink)
|
|
Contributing Member
Join Date: 10-25-06
Location: London, U.K.
Posts: 127
Latest Blog: None
|
Hello JamieJelly
The log you posted has the following ...
Adware from 180Solutions, Purityscan/Clickspring and Adlogix. It also has spyware from Shopnav.
Furthermore the java is long out of date.
What firewall is operating on this computer?
Suggest your brother goes here .....
http://www.help2go.com/Tutorials/Pro...Hijackers.html
....and runs through all the steps carefully. Post a fresh HJT log after that WITH an update on how the computer is operating now. There may be more to do.
OJ
__________________
“A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequilla” Mitch Ratcliffe
|
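An added illustration, not part of any post in this thread: a first-pass triage in Python over HijackThis lines like those in the log posted above. The function names (`reasons_for`, `triage`), the `SYSTEM_NAMES` and `SYSTEM_DIRS` sets and the heuristics themselves are assumptions made for this example, and the sample input is constructed from a few lines of that log.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {954EE2D5-281E-74CE-1DF7-01E2E97323B3} - C:\WINDOWS\system32\mtunrhm.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Bwer] "C:\DOCUME~1\user\APPLIC~1\CURITY~1\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Sxdquh] C:\WINDOWS\system32\??crosoft\w?auboot.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                # e.g. "O4 - ..."
PATH = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll)', re.I)  # first .exe/.dll path

# Assumed lists for the example: names malware likes to borrow, and where
# the genuine files normally live (Windows 9x and XP layouts).
SYSTEM_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe",
                "winlogon.exe", "lsass.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system", r"c:\windows\system32"}


def reasons_for(line):
    """Return (section_code, [reasons]) for a log entry, or None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    found = []
    if code in ("O2", "R3") and "(no name)" in rest:
        found.append("unnamed browser hook")
    if "(file missing)" in rest:
        found.append("target file missing")
    if code == "O23" and "Unknown owner" in rest:
        found.append("service without vendor name")
    for path in PATH.findall(rest):
        if "?" in path:  # characters the log could not render
            found.append("unrenderable characters in path")
        if (basename(path).lower() in SYSTEM_NAMES
                and dirname(path).lower() not in SYSTEM_DIRS):
            found.append("system binary name outside system directory")
    return code, found


def triage(log):
    """Collect only the entries that tripped at least one heuristic."""
    hits = []
    for line in log.splitlines():
        result = reasons_for(line)
        if result and result[1]:
            hits.append(result)
    return hits


if __name__ == "__main__":
    for code, why in triage(SAMPLE_LOG):
        print(code, "->", ", ".join(why))
```

A flag here is a prompt for a human reviewer, not a verdict: the "Unknown owner" service in the sample trips a heuristic purely on missing vendor metadata.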
|
|
10-25-2006, 12:39 PM
|
#132 (permalink)
|
|
Lebanese Princess
Join Date: 05-09-06
Location: USA, CT
Posts: 2,076
Latest Blog: None
|
Well, this is mine, any ideas?
|
|
|
10-25-2006, 01:20 PM
|
#133 (permalink)
|
|
Contributing Member
Join Date: 10-25-06
Location: London, U.K.
Posts: 127
Latest Blog: None
|
jocacia ...
First, you have a variant of the smitfraud infection. Go here ....
http://www.help2go.com/Tutorials/Spy...n_3_steps.html
Work through the processes there.
Next, open HJT again ... click on "scan" ... put tick/check marks next to the following entries IF they are still present ...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\lkofmnh.exe (file missing)
Note >> you have an entry in your Trusted Zone. This is your choice but I wouldn't do that no matter who they are. It's like giving someone "open door" to come into your computer and do what they like.
If you want to remove it then add it to the above list of the entries to be fixed.
Don't forget to close all browser windows (including this one) before clicking on "Fix Checked" at the foot of the HJT window.
Reboot to normal mode and post a fresh log with an update on how the computer is operating now.
OJ
__________________
“A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequilla” Mitch Ratcliffe
|
|
|
10-25-2006, 02:47 PM
|
#134 (permalink)
|
|
Junior Member
Join Date: 10-25-06
Posts: 18
Latest Blog: None
|
What is apoint in this log....?
Although I am actively protecting my pc...this is my log. some advices?
|
|
|
10-25-2006, 04:37 PM
|
#135 (permalink)
|
|
Lebanese Princess
Join Date: 05-09-06
Location: USA, CT
Posts: 2,076
Latest Blog: None
|
Quote:
SmitFraudFix v2.113
Fichier Process.exe absent !
Dezippez la totalité de l'archive dans un dossier.
Process.exe file missing !
Unzip all the archive in a folder.
Press any key to continue . . .
|
I always have this message, I can't do nothing 
|
|
|
10-25-2006, 05:52 PM
|
#136 (permalink)
|
|
Junior Member
Join Date: 10-25-06
Location: North
Posts: 3
Latest Blog: None
|
sort of like easydesi, protecting my computer, but, it's been running a lot slower for the past month or so. Anything wrong with my log? BTW nice site here.
|
|
|
10-25-2006, 07:26 PM
|
#137 (permalink)
|
|
Contributing Member
Join Date: 10-25-06
Location: London, U.K.
Posts: 127
Latest Blog: None
|
Hi again joecacia
First, In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how ......
http://www.bleepingcomputer.com/forums/tutorial62.html
Quote:
Originally Posted by joecacia
I always have this message, I can't do nothing 
|
process.exe is sometimes detected as a virus, but in fact it isn't one. It's what's known as a "false positive".
What you need to do is to reboot to safe mode, disable any antivirus/antispyware software on your computer while running the fix (including MS Anti-spyware or Windows Defender, or anything else) and then turn it back on afterwards.
To ensure the fix is still intact download a fresh copy and run it rather than the copy you've already used.
NOTE > Smitfraudfix isn't supposed to work from winzip. Do this ....
save the zip file to your computer,
extract it to a folder,
boot into safe mode,
turn off your antivirus and antispyware software, and
run the smitfraudfix cmd file.
We will give you advice on speeding up your system once it's been cleaned (no point in doing it while it's still infected).
Once you've done that (in safe mode - it's important to be in safe mode for it) post a new HJT PLUS the smitfraudfix logfile AND the update on how your computer is working now.
OJ
__________________
“A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequilla” Mitch Ratcliffe
|
|
|
10-25-2006, 07:27 PM
|
#138 (permalink)
|
|
Lebanese Princess
Join Date: 05-09-06
Location: USA, CT
Posts: 2,076
Latest Blog: None
|
OK, so I will do all this stuff at safe mode?
|
|
|
10-25-2006, 07:31 PM
|
#139 (permalink)
|
|
Contributing Member
Join Date: 10-25-06
Location: London, U.K.
Posts: 127
Latest Blog: None
|
Quote:
Originally Posted by easydesi
Although I am actively protecting my pc...this is my log. some advices?
|
The log is clean. Are you having any trouble? If so ... what is it? Please advise.
OJ
__________________
“A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequilla” Mitch Ratcliffe
|
|
|
10-25-2006, 07:33 PM
|
#140 (permalink)
|
|
Contributing Member
Join Date: 10-25-06
Location: London, U.K.
Posts: 127
Latest Blog: None
|
Quote:
Originally Posted by joecacia
OK, so I will do all this stuff at safe mode?
|
All in safe mode except the final HJT scan after the fixing work. That must be done in normal mode.
OJ
__________________
“A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequilla” Mitch Ratcliffe
|
|
|
|
All times are GMT -7. The time now is 05:06 PM.
© Copyright 2008 V7 Inc Powered by vBulletin Copyright © 2000-2009 Jelsoft Enterprises Limited.
|
|
|