Thread: HJT

  1. #1

    HJT

    Hi

    Noticed that there is an update of HJT V.2.0.2 (Trend Micro), and, time permitting, I wonder if someone can have a look at my log. Perhaps this new version may discover something which was not noticeable in the previous version (V1.99.1).

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:54:48 AM, on 7/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SCARDS32.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: alice-dsl.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176319604781
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup163.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E2117A93-CE96-4EA7-9503-D07B2061001A}: NameServer = 213.191.74.11 213.191.92.82
    O18 - Protocol: haufereader - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: CHIPDRIVESCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5286 bytes

  2. #2
    First off, what are the problems you are having, if any? Secondly, I have not yet heard whether the beta version is fully fixed so as not to give false positives yet. When you do post back here, make sure that if you are experiencing any problems you read the sticky before posting and attach all appropriate logs. Also include your system's resources to rule out any problems that not having enough memory or RAM might cause. Judy or one of the other admins would be more than willing to take a look at your logs and tell you what they find.

  3. #3
    Many people are under the very mistaken impression that HijackThis (HJT) is a Malware removal tool. It is not. HJT is simply a tool that is used to identify browser hijackers and in some cases will show entries for 'some' Malware that is, for instance, running at startup, but HJT will by no means show everything. Those who have infected computers and are relying on HJT without the benefit of running additional scans such as the ones listed in READ ME Before Posting A Request For Assistance! are more than likely still infected.

    Your HijackThis log shows no signs of Malware.
    a-squared Team - www.emsisoft.com

    "Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
    Microsoft Most Valuable Professional - Consumer Security (2007-2008)
    Member - Alliance of Security Analysis Professionals - Since 2006
    Linux Registered User # 363218
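A small triage helper for the HijackThis log layout discussed in this thread, added here as an example; it is not part of the thread, of HijackThis, or of any poster's code. It assumes the "code - body" entry layout shown in the posted log, takes its sample lines from that log plus one constructed BHO line (all-zero CLSID, placeholder path) to exercise the location rule, and only marks entries a human should check, as post #3 says a log reader must.

```python
import re
from typing import List, Tuple

# Constructed sample in the HijackThis v2.0.2 log layout; the entries are
# copied from the log posted above, plus one constructed BHO line at the end
# (all-zero CLSID, placeholder path) to exercise the location rule.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.bbc.co.uk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_02\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [ZoneAlarm Client] "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
O4 - Startup: alice-dsl.lnk = ?
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{E2117A93-CE96-4EA7-9503-D07B2061001A}: NameServer = 213.191.74.11 213.191.92.82
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\\Documents and Settings\\user\\Local Settings\\Temp\\helper.dll
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Directories a legitimate IE add-on or service binary normally lives under.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
LOADED_CODE = ("O2", "O3", "O20", "O21", "O22", "O23")  # sections naming a binary

def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Split a HJT log into (section code, body) pairs; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (code, reason) for entries to check by hand; a hit is a review prompt, not a verdict."""
    findings = []
    for code, body in parse_entries(log_text):
        low = body.lower()
        if "(no file)" in low:
            findings.append((code, "orphaned entry, referenced file is gone"))
        elif code == "O4" and low.endswith("= ?"):
            findings.append((code, "startup shortcut with unresolved target"))
        elif code == "O17":
            servers = body.split("NameServer =", 1)[-1].split()
            findings.append((code, "DNS servers set: " + ", ".join(servers)
                             + "; confirm they belong to your ISP"))
        elif code in LOADED_CODE and re.search(r"[a-z]:\\", low):
            if not any(d in low for d in TRUSTED_DIRS):
                findings.append((code, "binary outside Program Files / Windows"))
    return findings
```

Run `triage(open("hijackthis.log").read())` on a saved log to list the entries worth a second look; everything else in the log is left for the reader to judge, as the responders in this thread did.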

  4. #4

    HJT

    Hi Guys

    Tkx for your input.
    At the time of posting the thread I did see the HJT v2.0.2 (update), which was definitely not a BETA version.
    This was the reason why I sent a copy for evaluation (time permitting). Since receiving your response I have encountered a problem which perhaps does not come under HJT.
    The problem which I have encountered is in connection with Windows Shutdown / Restart.
    I find that I am unable to carry out either of these operations. I am receiving notification that my settings are being saved - Windows is shutting down.
    Thereafter it hangs, which requires me to shut down manually.

    Are you able to suggest a reason for this irregularity or point me to a correct thread where help can be acquired?

    Much appreciated
    xonk

  5. #5
    Whenever Windows fails to shut down, it is because it cannot terminate a running service/process. This is almost always caused by a misbehaving (corrupt) hardware driver.

    One thing you can do is invoke Windows File Protection by running the command sfc /scannow at the command line in the command terminal.

    Do so by doing the following:
    Start -> Run
    type cmd
    Click 'OK'

    At the command prompt, type sfc /scannow and press the Enter Key.

    This may or may not resolve the issue.

  6. #6

    HJT

    HI Dude

    As suggested I invoked Windows File Protection but ran into problems as follows:

    When I ran the cmd the process began, and upon inserting the XP disc it kept telling me that the wrong disc was inserted. I know this was not true, so I clicked to continue. It then continued, but very often the same thing happened. This lasted in the vicinity of 20 mins and it eventually packed up. I say packed up because when it was nearing the end everything just disappeared with nothing showing.
    As you mentioned, the problem could very well be a corrupted driver or something of the sort, because I decided to disable/stop any running processes shown in the systray and, surprise surprise, shutdown worked fine as in the past. The 2 items shown as running in my systray were my AVG, which is the ZoneAlarm security suite, and my ISP connection.
    I have since carried out the procedure of disabling/stopping these two on each occasion of shutting down, and no problems since.
    Any further suggestions as to how to alleviate this problem, which would appear to be my AVG prog.??

  7. #7
    Are you sure it is AVG and not ZoneAlarm?
    Have you shut down ZoneAlarm and left AVG running to see if it would shut down or not?

  8. #8

    HJT / Shutdown

    Somewhat confused. I am using Zone Alarm Security Suite, which is an anti-virus/anti-spyware. Does it not cover both aspects of your question?

    There is only one icon in the system tray which is the one I click to locate shutdown function and it alleviates this pain in the a--- of having to wait 20 mins before restart or close down completely.

    Hope you see where I am coming from !!!

  9. #9
    Sounds to me that Zone Alarm is corrupt. Exit only the ZA processes and try shutting down your computer.

    If it shuts down properly then you need to fully uninstall the ZA Security Suite, reboot and install.

  10. #10

    Quote Originally Posted by ShadowPuterDude View Post
    Sounds to me that Zone Alarm is corrupt. Exit only the ZA processes and try shutting down your computer.

    If it shuts down properly then you need to fully uninstall the ZA Security Suite, reboot and install.

    Furthermore, if you have the ZA full suite, which already comes with a Virus Scanner, then what do you need AVG for? In that case, I would shut down ZoneAlarm (not uninstall), then uninstall AVG, reboot afterwards and then check again whether rebooting/shutting down is still a problem or not.
    If it is then do what SPD suggested...

    Good Luck.
