System Clean Log File Help Request - Techist - Tech Forum

12-14-2006, 09:05 AM   #1
Newb Techie
 
Join Date: Oct 2006
Posts: 37
System Clean Log File Help Request

Howdy all. I had a problem at the start of this week with my girlfriend's comp. I got some advice from Camouflage and followed his advice on the spyware removal software.

Unfortunately, because I don't live with my missus and have work to go to as well, it has taken me a while to actually get all the cleaning and scanning done. So apologies for that.

However, I am now in possession of the HijackThis log file. The user's guide tutorial and help file I'm now going through as quickly as I can.

I have noticed during the cleaning process that my IE home page option (Start Menu - Control Panel - Internet Options - General Tab - Home Page) is greyed out. (She primarily uses Firefox 2.0.)

Even so, that is the only apparent symptom of anything else wrong, apart from the system being slow and occasionally unresponsive.

Below is the HijackThis log file.

I would really appreciate someone who knows it casting an eye across it and pointing out anything that they see. I've seen some stuff myself that I'm suspicious of, but I simply don't know HijackThis well enough yet to risk any action against it.

Many thanks to Camouflage for his post and suggested spyware removal tools link and thanks to any who are willing to help me with this one in advance.

Regards

Ding

Dingadilly is offline  
12-14-2006, 09:06 AM   #2
Newb Techie
 
Join Date: Oct 2006
Posts: 37
Heh, forgot log file. Sorry :P

Logfile of HijackThis v1.99.1
Scan saved at 13:06:35, on 14/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Install\System Security\Anti Vir\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Install\System Security\Anti Vir\AntiVir PersonalEdition Classic\avguard.exe
D:\Fix Install\Eiwido\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Install\Disk management\Acronis\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Install\System Security\Anti Vir\AntiVir PersonalEdition Classic\avgnt.exe
D:\Fix Install\Eiwido\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Install\System Security\Spybot 1.4\TeaTimer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Install\Disk management\Acronis\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Install\System Security\Anti Vir\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Fix Install\Eiwido\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Install\System Security\Spybot 1.4\TeaTimer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Install\WORKRE~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Install\WORKRE~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1162060293061
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Install\System Security\Anti Vir\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\Install\System Security\Anti Vir\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Fix Install\Eiwido\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\Install\IPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Dingadilly is offline  
12-14-2006, 09:14 AM   #3
Master Techie
 
Join Date: May 2005
Location: United Kingdom, Warrington
Posts: 2,756

It looks fine. The only 2 entries I would remove are:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

but only if you set restrictions on these and know you did it. Unless she's not the admin on her comp, just using a limited account?
baronvongogo is offline  
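As an added example (not code from the thread or from HijackThis), the following read-only PowerShell audit lists what is actually set under the two HKCU policy keys that HijackThis reports as the O6 entries above, so a defender can see which restriction values exist before deciding to remove them. It assumes a Windows host with PowerShell; the `HomePage` value name under `Control Panel` is the standard Internet Explorer policy value that greys out the Home Page box and is not mentioned in the thread itself.

```powershell
# Added audit example: enumerate the IE policy keys behind HijackThis "O6" lines.
# Read-only; nothing is changed. Removal (what HijackThis's fix does) is shown
# commented out at the end and should only follow confirmation that no user set them.
$policyKeys = @(
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions',
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
)

foreach ($key in $policyKeys) {
    if (-not (Test-Path -Path $key)) {
        Write-Output "ABSENT  $key"
        continue
    }
    Write-Output "PRESENT $key"
    $item = Get-Item -Path $key
    $names = $item.GetValueNames()
    if ($names.Count -eq 0) {
        Write-Output '    (key exists but holds no values)'
    }
    foreach ($name in $names) {
        $value = $item.GetValue($name)
        $note = ''
        # 'HomePage' = 1 under 'Control Panel' is the standard policy that disables
        # the Home Page box on the Internet Options General tab (assumed name, see lead-in).
        if ($key -like '*Control Panel' -and $name -eq 'HomePage' -and $value -ne 0) {
            $note = '  <-- greys out Internet Options > General > Home Page'
        }
        Write-Output ("    {0} = {1}{2}" -f $name, $value, $note)
    }
    # To remove the whole policy key after confirming nobody set it deliberately:
    # Remove-Item -Path $key -Recurse -WhatIf   # drop -WhatIf to apply
}
```

Run it in the profile of the affected user, since these keys live under HKCU and a policy set in another account will not show up.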
12-14-2006, 10:14 AM   #4
Newb Techie
 
Join Date: Oct 2006
Posts: 37

Hmmm, this would be what has effectively locked me out of the home page tab under Internet Options then, yes?

I've certainly not applied any such restrictions intentionally. I also somewhat doubt she has.

It's a single-user XP system, and so I assume she has full admin rights as there is no other account.
I.e. anything that either of us would have changed regarding restrictions must've been done through this single account.

Pretty sure neither of us have though.

Would that mean that "something else" changed it? :P
Dingadilly is offline  
12-14-2006, 10:25 AM   #5
Master Techie
 
Join Date: May 2005
Location: United Kingdom, Warrington
Posts: 2,756

Yes, I would think that's what's greyed out the homepage part. If neither of you have done it, then I'd remove both entries in HijackThis.
baronvongogo is offline  
12-14-2006, 11:26 AM   #6
Newb Techie
 
Join Date: Oct 2006
Posts: 37
Removed

Have removed the two O6 entries and the Internet Options home page option has become active once again. Am gonna hand the system back to gf for her opinion as regards it now being "fixed" or not.

Thank you for your advice, very much appreciated.

Will post back if anything goes pear-shaped or gets worse, but it seems that the troubles are over.

Regards

Ding
Dingadilly is offline  
12-14-2006, 11:27 AM   #7
Master Techie
 
Join Date: May 2005
Location: United Kingdom, Warrington
Posts: 2,756

No problem. Feel free to post back with any problems or if it persists.
baronvongogo is offline  