
Thread: HijackThis log

  1. #1
    Member
    Join Date
    Jun 2012
    Posts
    3
    Points
    0

    Default HijackThis log

    Hello, this is my log, can you analyze it?
    Thanks in advance
    Ignazio

    -------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21.11.41, on 16/06/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Programmi\Google\Update\GoogleUpdate.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programmi\Acer\eRecovery\Monitor.exe
    C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
    C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Programmi\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Google\Chrome\Application\chrome.exe
    C:\Programmi\Google\Chrome\Application\chrome.exe
    C:\Programmi\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\Google\Chrome\Application\chrome.exe
    C:\Programmi\Google\Chrome\Application\chrome.exe
    C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Programmi\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.search.yahoo.com/search?fr=mcafee&p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Softonic VLC IT Toolbar - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\prxtbSof0.dll
    R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmi\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Softonic VLC IT - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\prxtbSof0.dll
    O3 - Toolbar: Softonic VLC IT Toolbar - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\prxtbSof0.dll
    O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmi\ConduitEngine\prxConduitEngine.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [PSUNMain] "C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAAxADUAMwA3ADAAMAA5ADYALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0AWABPADkAKwAxAC0ARgA5AE0AMwArADEALQBEAEQAVAArADMAMwA0ADMAMgAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAC0ARgA5ADAATQAxADIARQBUACsAMQAtAFQAQgBOACsAMQAtAFUAOQA1ACsAMQAtAEwAOQAwAE0ASgArADIALQBGADkAMABNADEAMgBKAE4AKwAxAC0ARgA5ADAAVQBVAEUAKwAyAC0AUwBUAEYAOQAwAFUAVQBFADEAKwAxAC0ARgA5ADAATQAxADIAUgArADEAMQAtAFYASQBQADEAMgArADEA"&"prod=90"&"ver=9.0.894
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.6.lnk = ?
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0CC96AC1-197A-4E7C-A223-2DDE2D6E5E25}: NameServer = 208.57.220.220,8.8.4.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0CC96AC1-197A-4E7C-A223-2DDE2D6E5E25}: NameServer = 208.57.220.220,8.8.4.4
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
    O20 - AppInit_DLLs:
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 8332 bytes

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Default

    Hello gnazino70,

    Welcome to Help2Go!

    Are you having any problems with the computer? Or do you want us to just check over the log?

    Could you please perform the exercise below also:

    Double-click the HijackThis icon on the Desktop, scroll down to "Open the Misc Tools section" and click it. At the bottom, under System tools, click "Open Uninstall Manager". Over to the right, click "Save List". Save it to your Desktop so you may find it, then copy and paste it in your next reply.
    Last edited by zep516; 06-16-2012 at 03:46 PM.

  3. #3
    Member
    Join Date
    Jun 2012
    Posts
    3
    Points
    0

    Default

    OK, thanks for your instructions. I submitted the log for a check from experts;
    below I report the uninstall list
    :-)

    ------------------------------------------------------------------------------

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.6 - Italiano
    Aggiornamento della protezione per Windows Internet Explorer 7 (KB2360131)
    Aggiornamento della protezione per Windows Internet Explorer 7 (KB2416400)
    Aggiornamento della protezione per Windows Internet Explorer 7 (KB2544521)
    Aggiornamento della protezione per Windows Internet Explorer 7 (KB2559049)
    Aggiornamento della protezione per Windows Internet Explorer 7 (KB2586448)
    Aggiornamento della protezione per Windows Internet Explorer 7 (KB2647516)
    Aggiornamento della protezione per Windows Internet Explorer 7 (KB2675157)
    Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2)
    Aggiornamento della protezione per Windows Internet Explorer 7 (KB982381)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2699988)
    Aggiornamento della protezione per Windows XP (KB923789)
    Aggiornamento per Windows XP (KB2718704)
    Assistente per l'accesso a Windows Live
    ATI Display Driver
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window DSLR 5 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities PhotoStitch 3.1
    Canon ZoomBrowser EX (I)
    CCleaner
    Chiavetta Internet TM201
    Conduit Engine
    eMule
    EPSON Scan
    EPSON SX100 Series Printer Uninstall
    Google Chrome
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImageMixer 3 SE Ver.6 Transfer Utility
    ImageMixer 3 SE Ver.6 Video Tools
    Java(TM) 6 Update 17
    Junk Mail filter update
    Magic ISO Maker v5.5 (build 0281)
    Michelangelo USB ADSL WAN Adapter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox 12.0 (x86 it)
    Mozilla Maintenance Service
    MSVC80_x86_v2
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Premium
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia PC Suite
    NTI Backup NOW! 4
    NTI CD & DVD-Maker
    NTI HomeVideo-Maker
    Pacchetto driver Windows - Nokia Modem (06/01/2009 7.01.0.4)
    Pacchetto driver Windows - Nokia Modem (10/05/2009 4.2)
    Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Panda Cloud Antivirus
    Panda Cloud Antivirus
    PC Connectivity Solution
    PhotoScape
    PowerDVD
    Raccolta foto di Windows Live
    Realtek High Definition Audio Driver
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Segoe UI
    Softonic_VLC_IT Toolbar
    Spybot - Search & Destroy
    Strumento di caricamento di Windows Live
    Trust WB-1400T Webcam
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VLC media player 1.0.3
    Windows Defender
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sync
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3

    ---------------------------------------------------------------------------------------------



  4. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Default

    Hi ganzino70,

    Please disable TeaTimer in Spybot S&D. It could interfere with fixes. Here's how:

    * Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
    * On the left hand side, click on Tools, then click on the Resident Icon in the list.
    * Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    * Click on the "System Startup" icon in the List
    * Uncheck the "TeaTimer" box and "OK" any prompts.
    * If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    * Exit Spybot S&D when done.

    * (When we are done, you can re-enable TeaTimer using the same steps, but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

    NEXT

    Please "remove" these programs from your Add / remove programs list.
    • Java(TM) 6 Update 17
    • Conduit Engine


    Let's clean up the log a little bit.

    Close all browser windows, open HijackThis, do a System Scan Only. Place a check mark in the following entries in bold:

    R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmi\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
    O3 - Toolbar: Softonic VLC IT Toolbar - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\prxtbSof0.dll
    O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmi\ConduitEngine\prxConduitEngine.dll
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAAxADUAMwA3ADAAMAA5ADYALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0AWABPADkAKwAxAC0ARgA5AE0AMwArADEALQBEAEQAVAArADMAMwA0ADMAMgAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAC0ARgA5ADAATQAxADIARQBUACsAMQAtAFQAQgBOACsAMQAtAFUAOQA1ACsAMQAtAEwAOQAwAE0ASgArADIALQBGADkAMABNADEAMgBKAE4AKwAxAC0ARgA5ADAAVQBVAEUAKwAyAC0AUwBUAEYAOQAwAFUAVQBFADEAKwAxAC0ARgA5ADAATQAxADIAUgArADEAMQAtAFYASQBQADEAMgArADEA"&"prod=90"&"ver=9.0.894
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)


    • Click Fix check.
    • Close Hijackthis.
    • Reboot the Computer.


    NEXT

    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

    Let me know how things are.
    Joe.
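
A triage sketch for the kind of log posted in this thread, added here as an example (it is not part of any poster's reply and not HijackThis code): it parses the CLSID-bearing entries, lists those whose target is `(no file)`, and shows which CLSIDs are registered under more than one section code. The function names are hypothetical, and the sample is a handful of lines copied from the log in post #1.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Softonic VLC IT Toolbar - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\prxtbSof0.dll
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Softonic VLC IT - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\prxtbSof0.dll
O3 - Toolbar: Softonic VLC IT Toolbar - {edca0f41-f79d-4126-a176-a1b258e033f8} - C:\Programmi\Softonic_VLC_IT\prxtbSof0.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

# Matches entries of the form "<code> - <kind>: <name> - {CLSID} - <target>".
ENTRY_RE = re.compile(
    r"^(?P<code>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

def parse_com_entries(log_text):
    """Return a dict per CLSID-bearing entry; all other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].upper()  # the log mixes letter case
            entries.append(entry)
    return entries

def orphaned(entries):
    """Entries that HijackThis reports with '(no file)' as the target."""
    return [e for e in entries if e["target"].strip().lower() == "(no file)"]

def shared_clsids(entries):
    """Map each CLSID seen more than once to the section codes that use it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["clsid"]].append(e["code"])
    return {clsid: codes for clsid, codes in groups.items() if len(codes) > 1}

if __name__ == "__main__":
    parsed = parse_com_entries(SAMPLE_LOG)
    for e in orphaned(parsed):
        print(f"orphaned  {e['code']:<4}{e['kind']:<14}{e['clsid']}")
    for clsid, codes in shared_clsids(parsed).items():
        print(f"shared    {clsid} in {', '.join(codes)}")
```
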
