Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Another HJT Log 2

Status
Not open for further replies.
TheAceMan1

TheAceMan1

Programmer
Sep 23, 2003
11,174
US
Howdy all! . . .

Although I've tried free scanners I'd still like comments on the following HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:16 PM, on 2/23/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\hp\kbd\kbd.exe
C:\Apps\HiJack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\x86\Toolbar\CallingIDIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\x86\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - O18 - Protocol: callingid - {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\x86\Toolbar\CallingIDToolbar.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SystemSuite Task Manager - Ontrack Data International - C:\PROGRA~2\Ontrack\SYSTEM~1\MXTask.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WinSock Extention Manager (WinExtManager) - Unknown owner - C:\Windows\SysWOW64\mdmcls32.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\Windows\SysWOW64\svcprs32.exe
O23 - Service: WinSvchostManagerSrv - Unknown owner - C:\Windows\SysWOW64\cfgmig32.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9718 bytes

[blue]Your Thoughts? . . .[/blue]

See Ya! . . . . . .

Be sure to see thread181-473997 [blue]Worthy Reading![/blue] [thumbsup2]
Also faq181-2886 [blue]Worthy Reading![/blue] [thumbsup2]
 
Sort by date Sort by votes
To me, at first glance, this is just looking like what I'd expect from a storebought PC.

If you're looking to clean it up, get it running faster, here are my personal suggestions:
1. You can use Symantec Norton if you want, but generally you'll fare better with one of a few alternatives: Avira Antivir (free or paid), Nod32 (paid), Avast!, maybe still AVG.

2. You could download and run this app: The PC Decrapifier to get rid of some of the extras.

3. There are some start-up items you could simply disable from your Start-Run, type msconfig... under startup tab, uncheck these:
*Adobe Speed Launch
*QuickTime... Quick Pick (you can also disable this directly within the Quicktime software, under browser settings I believe...
*Some others that I can't seem to remember, but don't really want to re-read the whole thing. [smile]

You could also go into the options on some of that HP software, and disable it's auto-start, startup options. Then again, if any of it you don't use, or don't think you'll use, I'd just uninstall a bunch of that HP stuff. It sounds like the typical extra garbage that the manufactures include when you first buy the machines, but hardly anyone actually uses them.

You could also run one or all of these all-in-one type scanners to possibly auto-clean some of those missing file, etc type findings: CCleaner, Glary Utilities, Advanced System Care - you can find them all at
You say you used some free scanners? Do you have a particular reason? Some reason to think infected, or are you just wanting to be safe?

My personal suggestions for PC protection is this:
1. A firewalled router - basically any router you can pick up off the shelf will do well enough for most people.
2. A software firewall (Not Norton, by personal preference) - I'd go with Online Armor for 32 bit systems, and Comodo Internet Security for 64 bit systems (currently).
3. Avira Antivir or Nod32 for antivirus
4. SuperAntispyware and Malwarebytes Antimalware installed from the start, so that if you DO get an infection, you may be more able to actually run these apps and remove the infection than if you installed them only when a problem is present.
5. SpywareBlaster - helps verify many of your system/internet settings are secure.

Well, that should take care of it for the most part. [wink]

Any specific things got you concerned? I can definitely see where the performance on that machine may be sluggish, but if you simply "un-start" or uninstall a bunch of it, you'll be cruisin'.


--

"If to err is human, then I must be some kind of human!" -Me
 
Upvote 0 Downvote
How are ya kjv1611 . . .
kjv1611 said:
[blue]You say you used some free scanners? Do you have a particular reason? Some reason to think infected, or are you just wanting to be safe?[/blue]
Click to expand...
Just checking how safe I really am ...
kjv1611 said:
[blue]Any specific things got you concerned?[/blue]
Click to expand...
Yes ... those entries tagged with [red](file missing)
[/red]. I've tried to remove then with HJT(fix button) but after reboot they remain. I'm just not believing its ok for the entries too remain this way.

[blue]Your Thoughts? . . .[/blue]

See Ya! . . . . . .

Be sure to see thread181-473997 [blue]Worthy Reading![/blue] [thumbsup2]
Also faq181-2886 [blue]Worthy Reading![/blue] [thumbsup2]
 
Upvote 0 Downvote
I think that if you run one of the all-in-one scanners I mentioned, they may very well clean those up for you... and safely. CCleaner has a "cleaner" portion of the app, a "registry cleaner" portion, and an uninstaller. The other 2 apps also scan the registry, shortcuts, etc for missing files and such. They really do work very well. I've used them on many machines, and only once did I see any problems at all (CCleaner), and it was not a major problem - it messed up a cheap game which was easily reinstalled... and that's been at least 3 years ago, I think.

--

"If to err is human, then I must be some kind of human!" -Me
 
Upvote 0 Downvote
The reason I think the cleaners will work for you is that it seems that the problem is being caused by a registry entry or shortcut which should have previously been removed by another program but was not. So, for instance, you got a more updated version of a program... the uninstaller didn't clean up ALL the old stuff, just some of it. [wink]

Let us know how that works out for you.

--

"If to err is human, then I must be some kind of human!" -Me
 
Upvote 0 Downvote
those entries tagged with (file missing)
Click to expand...
No need to worry...

those entries are Vista x64 related, meaning they are software hooks for compatibility (from what I understand), and will always get recreated when deleted...



Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

electricpete
  • Locked
  • Question
ComboFix log 2
Replies
15
Views
283
electricpete
electricpete
electricpete
  • Locked
  • Question
Rootkit Reveal Log 1
Replies
2
Views
75
goombawaho
goombawaho
MarkZK
  • Locked
  • Question
Another HJT log 1
Replies
3
Views
71
BadBigBen
BadBigBen
2ffat
  • Locked
  • Helpful tip
Another rescue disk 1
Replies
4
Views
92
goombawaho
goombawaho
lancekidd
  • Locked
  • Question
Hijack Log
Replies
7
Views
106
kjv1611
kjv1611

Part and Inventory Search

Sponsor

Back
Top