Thread: HijackThis log
LinkBack URL
About LinkBacks- 06-16-2012 02:23 PM #1Member
- Join Date
- Jun 2012
- Posts
- 3
- Points
- 0
HijackThis log
Hello, thi is my log, can you analyze it?
Thanks in advance
Ignazio
-------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.11.41, on 16/06/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\Programmi\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Softonic VLC IT Toolbar - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\prxtbSof0.dll
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmi\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Softonic VLC IT - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\prxtbSof0.dll
O3 - Toolbar: Softonic VLC IT Toolbar - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\prxtbSof0.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmi\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [PSUNMain] "C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAAxADUAMwA3ADAAMAA5ADYALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0AWABPADkAKwAxAC0ARgA5AE0AMwArADEALQBEAEQAVAArADMAMwA0ADMAMgAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAC0ARgA5ADAATQAxADIARQBUACsAMQAtAFQAQgBOACsAMQAtAFUAOQA1ACsAMQAtAEwAOQAwAE0ASgArADIALQBGADkAMABNADEAMgBKAE4AKwAxAC0ARgA5ADAAVQBVAEUAKwAyAC0AUwBUAEYAOQAwAFUAVQBFADEAKwAxAC0ARgA5ADAATQAxADIAUgArADEAMQAtAFYASQBQADEAMgArADEA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.6.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CC96AC1-197A-4E7C-A223-2DDE2D6E5E25}: NameServer = 208.57.220.220,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CC96AC1-197A-4E7C-A223-2DDE2D6E5E25}: NameServer = 208.57.220.220,8.8.4.4
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 8332 bytes
- 06-16-2012 03:25 PM #2Member Spyware Fighter
- Join Date
- Dec 2005
- Location
- Pittsburgh, Pa
- Posts
- 5,198
- Points
- 931
Hello gnazino70,
Welcome to Help2Go!
Are you having any problems with the computer? Or do you want us to just check over the log..
Could you please perform the exercise below also,
Double click the hijackthis Icon on the Desktop, Scroll down to ‘’Open the Misc Tools section” Click it at the bottom under System tools click “Open Uninstall Manager” over to the right click “Save List” Save it to your Desktop so you may find it, copy and paste it in your next reply..Last edited by zep516; 06-16-2012 at 03:46 PM.
Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence.
- 06-17-2012 09:44 AM #3Member
- Join Date
- Jun 2012
- Posts
- 3
- Points
- 0
ok thanks for your instructions, i submitted the log for a check from experts;
below i report the uninstall list
:-)
------------------------------------------------------------------------------
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6 - Italiano
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2360131)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2416400)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2544521)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2559049)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2586448)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2647516)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2675157)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB982381)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2699988)
Aggiornamento della protezione per Windows XP (KB923789)
Aggiornamento per Windows XP (KB2718704)
Assistente per l'accesso a Windows Live
ATI Display Driver
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (I)
CCleaner
Chiavetta Internet TM201
Conduit Engine
eMule
EPSON Scan
EPSON SX100 Series Printer Uninstall
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImageMixer 3 SE Ver.6 Transfer Utility
ImageMixer 3 SE Ver.6 Video Tools
Java(TM) 6 Update 17
Junk Mail filter update
Magic ISO Maker v5.5 (build 0281)
Michelangelo USB ADSL WAN Adapter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 12.0 (x86 it)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Premium
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NTI Backup NOW! 4
NTI CD & DVD-Maker
NTI HomeVideo-Maker
Pacchetto driver Windows - Nokia Modem (06/01/2009 7.01.0.4)
Pacchetto driver Windows - Nokia Modem (10/05/2009 4.2)
Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Panda Cloud Antivirus
Panda Cloud Antivirus
PC Connectivity Solution
PhotoScape
PowerDVD
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Segoe UI
Softonic_VLC_IT Toolbar
Spybot - Search & Destroy
Strumento di caricamento di Windows Live
Trust WB-1400T Webcam
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 1.0.3
Windows Defender
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
---------------------------------------------------------------------------------------------
Originally Posted by zep516 
Hello gnazino70,
Welcome to Help2Go!
Are you having any problems with the computer? Or do you want us to just check over the log..
Could you please perform the exercise below also,
Double click the hijackthis Icon on the Desktop, Scroll down to ‘’Open the Misc Tools section” Click it at the bottom under System tools click “Open Uninstall Manager” over to the right click “Save List” Save it to your Desktop so you may find it, copy and paste it in your next reply..
- 06-17-2012 10:15 AM #4Member Spyware Fighter
- Join Date
- Dec 2005
- Location
- Pittsburgh, Pa
- Posts
- 5,198
- Points
- 931
Hi ganzino70,
Please disable teatimer in Spybot S&D It could interfere with fixes, here's how
* Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
* On the left hand side, click on Tools, then click on the Resident Icon in the list.
* Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
* Click on the "System Startup" icon in the List
* Uncheck the "TeaTimer" box and "OK" any prompts.
* If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
* Exit Spybot S&D when done.
* (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.
NEXT
Please "remove"these programs from your Add / remove programs list.
- Java(TM) 6 Update 17
- Conduit Engine
Lets clean up the log a little bit.
Close all browser windows, open Hijackthis, Do a System Scan Only Place a check mark in the following entries in bold:
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmi\ConduitEngine\prxConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O3 - Toolbar: Softonic VLC IT Toolbar - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\prxtbSof0.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmi\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAAxADUAMwA3ADAAMAA5ADYALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0AWABPADkAKwAxAC0ARgA5AE0AMwArADEALQBEAEQAVAArADMAMwA0ADMAMgAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAC0ARgA5ADAATQAxADIARQBUACsAMQAtAFQAQgBOACsAMQAtAFUAOQA1ACsAMQAtAEwAOQAwAE0ASgArADIALQBGADkAMABNADEAMgBKAE4AKwAxAC0ARgA5ADAAVQBVAEUAKwAyAC0AUwBUAEYAOQAwAFUAVQBFADEAKwAxAC0ARgA5ADAATQAxADIAUgArADEAMQAtAFYASQBQADEAMgArADEA"&"prod=90"&"ver=9.0.894
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
- Click Fix check.
- Close Hijackthis.
- Reboot the Computer.
NEXT
Clean out your temporary internet files and temp files.
Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
Let me know how things are.
Joe.
Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence.
-
The Following User Says Thank You to zep516 For This Useful Post:
Reply With Quote
