n64jive Posted April 25, 2007
HJT Log

My computer's been acting up a lil bit, so I did some virus scans and Adware scans and Defragmented and Deleted temp files. I was wondering if someone could check out this log.

Logfile of HijackThis v1.99.1
Scan saved at 4:03:22 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 69.61.60.61 mozor.swiftirc.net
O1 - Hosts: 88.191.36.51 mozor.swiftirc.net
O1 - Hosts: 208.53.170.149 mozor.swiftirc.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146785664046
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

scorpus57 Posted April 27, 2007

I see you are using Internet Explorer. A good tip would be to get Firefox. I use it and it's a great web interface.
Windows Defender is a good real time virus protection (Genuine Windows XP/Vista only).
If your computer gets really stuffed, backup your stuff and reinstall Windows.

~~!~~ScOrPuS~~!~~

adi Posted May 19, 2007

Try running a scan in safe mode using Avast antivirus.

n64jive Posted May 19, 2007

> I see you are using Internet Explorer. A good tip would be to get Firefox. I use it and it's a great web interface.
> Windows Defender is a good real time virus protection (Genuine Windows XP/Vista only).
> If your computer gets really stuffed, backup your stuff and reinstall Windows.

I use Firefox... I don't see where you see Internet Explorer, but if you look under running processes, you can see Firefox.

Cruiser Posted May 19, 2007

> I see you are using Internet Explorer. A good tip would be to get Firefox. I use it and it's a great web interface.
> Windows Defender is a good real time virus protection (Genuine Windows XP/Vista only).
> If your computer gets really stuffed, backup your stuff and reinstall Windows.

1) No, he isn't using IE. That is the homepage setting for IE. It's currently set to an HP Pavilion home page because (shock!) that's what HP sets it to before it's sold.

2) Windows Defender has been proven to suck. It works if you don't have other protection, but that isn't the case. He already has AVG and ZoneAlarm installed, so using Defender would be a step backwards.

Conclusion: You shouldn't be reading and replying to HJT logs. People like you break things.

I don't see anything major jumping out of the log. All of it looks like the basic Windows services and bundled HP helper software.