Thread: Hijack this analyzer not working

  1. #1
    Join Date
    Jul 2010
    Posts
    5

    I copied and pasted my HijackThis log and it said: Critical Error! Your log contains HTML tags. Valid HijackThis logs should not have HTML tags. Are you *sure* you're using this system for analysing your HijackThis logs?
    This is so lame; HijackThis put the HTML into the log.
    Here's my log file that I pasted; it's from HijackThis. What's going on here?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:37:57 PM, on 7/19/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    i:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    I:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Linksys\WMP110\WMP110.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\Game Files\Xfire\Xfire.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Linksys\WMP110\gtwpssrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    I:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Linksys\WMP110\WLSngS.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [avast5] i:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WMP110] C:\Program Files\Linksys\WMP110\WMP110.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Xfire.lnk = D:\Game Files\Xfire\Xfire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! Antivirus - ALWIL Software - i:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - i:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - i:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GTWPSSRV (GTWPSService) - Unknown owner - C:\Program Files\Linksys\WMP110\gtwpssrv.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Linksys\WMP110\jswpsapi.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - I:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: WLSng Service - TODO: <Company name> - C:\Program Files\Linksys\WMP110\WLSngS.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 5862 bytes

  2. #2
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056
    Hi, first off, what is wrong with your system? What type of symptoms do you have?

    Second, why are some of your program files pointing to the I drive, which I am guessing is either another physical drive or an external drive? All your programs should point to the same location unless either their own installer selected its own installation location or the apps in question are portable; otherwise you may run into problems due to the related inconsistency in the registry. Again, this is not a major issue but more of an oddity:

    i:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    I:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Linksys\WMP110\WMP110.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\Game Files\Xfire\Xfire.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Linksys\WMP110\gtwpssrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    I:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe

    Again, what was your reason to run the HijackThis log?

  3. #3
    Join Date
    Jul 2010
    Posts
    5
    Firstly, the reason there are different destination drives is because I have more than one hard drive and I use each for different files. For instance, I use C:\ for Windows and driver files only, a 30 GB partition. D:\ is for my games and message apps for my games, hence Xfire on D, a 55 GB partition. I have a drive E:\ which is for my multimedia apps and music and movies, a 103 GB partition. And then drive I:\ is for my programs, from Alcohol 52 to my antivirus, a 48 GB partition.

    I recently got the new E1000 Linksys router and I'm having connectivity issues with it and was wondering if HijackThis could find anything wrong with my system.

  4. #4
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056
    Quote Originally Posted by skater0guy View Post
    Firstly, the reason there are different destination drives is because I have more than one hard drive and I use each for different files. For instance, I use C:\ for Windows and driver files only, a 30 GB partition. D:\ is for my games and message apps for my games, hence Xfire on D, a 55 GB partition. I have a drive E:\ which is for my multimedia apps and music and movies, a 103 GB partition. And then drive I:\ is for my programs, from Alcohol 52 to my antivirus, a 48 GB partition.
    In theory, it is fine to have separate partitions; it might actually be wise to do so unless you start duplicating default program installation locations. Having multiple \Program Files\ pointers in the registry is not wise. You should either install them to another subfolder with a different name or simply install all programs to the C:\Program Files folder.
    I have multiple partitions too but only one installation directory for registered programs; anything not registered (data, portable apps, etc.) can be anywhere, naturally.
    Another problem I will mention is not the size of the partition but the Total size/Available space ratio. Especially on actual, physical disks, if your used space exceeds 40% of the total disk space, you will have a performance hit; when it exceeds 60%, things could really drag. Just a "heads up" for you.

    I recently got the new E1000 Linksys router and I'm having connectivity issues with it and was wondering if HijackThis could find anything wrong with my system.
    I have been out of the HJT log analyzing business a while now but still, I could see nothing other than a bunch of unnecessary clutter, nothing malicious that I could see.

    Try running the SilentRunners.vbs file I attached to this post. Unzip the attached file to your desktop and then double-click on the SilentRunners.vbs file. You can select the supplemental scan option if you want. Once done it will inform you; then you can attach the txt file to your next post. If there is anything hidden in any of the startup locations, this script could help spot it.

    If there is no infection, then the problem might be related to your router or system network settings. I had an issue with my previous Linksys router where it would intermittently disconnect me from the Internet, sometimes reconnecting within a few seconds and sometimes requiring a power reset on the router. Sometimes a firmware is very helpful, so I'd check on that too.

  5. #5
    Join Date
    Jul 2010
    Posts
    5
    OK, for my drives there are 4 of them: C: for Windows and drivers has 14.22 GB free, which is 41% free space. D: for my games @ 10.16 GB, 18% fs. E: for multimedia, 40.39 GB, 39% fs. I: for programs, 15.01 GB, 30% fs.
    I pressed no to do the longer scan; here's the log.

    P.S. I don't know if this is any consolation but there are 8 svchost.exe processes running.

    "Silent Runners.vbs", revision 56, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "avast5" = "i:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui" ["ALWIL Software"]
    "nwiz" = "C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet" ["NVIDIA Corporation"]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
    "WMP110" = "C:\Program Files\Linksys\WMP110\WMP110.exe" ["Linksys"]
    "PWRISOVM.EXE" = "C:\Program Files\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
    \InProcServer32\(Default) = "I:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
    -> {HKLM...CLSID} = "Display Panning CPL Extension"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{11016101-E366-4D22-BC06-4ADA335C892B}" = "IE History and Feeds Shell Data Source for Windows Search"
    -> {HKLM...CLSID} = "IE History and Feeds Shell Data Source for Windows Search"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "i:\Program Files\Alwil Software\Avast5\ashShell.dll" ["ALWIL Software"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
    -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "I:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "I:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "I:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
    -> {HKLM...CLSID} = "PowerISO"
    \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
    Last edited by skater0guy; 07-22-2010 at 01:34 AM.

  6. #6
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056
    Quote Originally Posted by skater0guy View Post
    OK, for my drives there are 4 of them: C: for Windows and drivers has 14.22 GB free, which is 41% free space. D: for my games @ 10.16 GB, 18% fs. E: for multimedia, 40.39 GB, 39% fs. I: for programs, 15.01 GB, 30% fs.
    I pressed no to do the longer scan; here's the log.
    How dare you say No to longer scan!?!? Just kidding, that is fine.
    Again, nothing out of the ordinary that my semi-buzzed eyes could detect.
    I have a feeling your issue might be related to the Linksys router/switch or even ISP.

    P.S. I don't know if this is any consolation but there are 8 svchost.exe processes running.
    Most of the generic system processes will use it but still 8 sounds a bit too much. To dig deeper and see what those svchost.exe processes are, use the freebie ProcessExplorer.

  7. #7
    Join Date
    Jul 2010
    Posts
    5
    I ran the program and just took a screenshot of everything as opposed to typing it all out.

    Last edited by skater0guy; 07-23-2010 at 05:49 PM.

  8. #8
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056
    Sorry, I had a ton of work that kept me away. Anyhow, you could have simply done this in ProcessExplorer:
    "File" > "Save as" and save it as a text (.txt) file and attach it to the post.

    You have a ton of stuff running; I am surprised Windows is not crashing once in a while. But seriously, with this many processes/services running, regardless of how powerful your system is, it will take a hit. The number of svchost.exe can be justified looking at these screenshots.

    I noticed the "gtwpssrv.exe" which might belong to Linksys. Why does it have to run in the background? I have and am using Linksys hubs, switches/routers as well as other brands, never needed to install anything for them other than applicable firmware updates.

    I think you just need to clean up your startup locations, which should immensely improve the overall performance of your system. For example, the Java Quick Starter service can suck up resources and even bandwidth; do you have that many Java based applications that are running from boot up and on?

    Imho, one or two Java based apps do not justify having that service kick in at boot and run in the background during the entire session. This was just one example, I am sure I can dig up a bunch more if you can submit a copy of your Autoruns log file with your next post.
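
Added example, not written by anyone in this thread and not code from HijackThis or the online analyzer: a small parser for the `O23 - Service:` lines of the log in post #1 that lists the services whose vendor field is missing or a placeholder, and that shows the one angle-bracket token in that log. The sample lines are copied from post #1; the tag pattern is an assumption about what a simple "HTML tags" check might match, since the analyzer's real check is not shown on this page.

```python
import re

# Sample input: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [WMP110] C:\Program Files\Linksys\WMP110\WMP110.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GTWPSSRV (GTWPSService) - Unknown owner - C:\Program Files\Linksys\WMP110\gtwpssrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WLSng Service - TODO: <Company name> - C:\Program Files\Linksys\WMP110\WLSngS.exe
"""

# "R1 - ...", "O4 - ...", "O23 - ...": section code, then the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumption: a naive tag check treats any <...> run as an HTML tag.
ANGLE = re.compile(r"<[^<>\n]+>")


def parse_entries(text):
    """Return (section_code, body) for every coded line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def angle_tokens(text):
    """Tokens a naive HTML-tag check would trip on."""
    return ANGLE.findall(text)


def triage_services(entries):
    """List O23 services whose vendor field is missing or a placeholder.

    A hit means "look at this file more closely", not "this is malware".
    """
    flagged = []
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        # Split from the right: "<name> - <vendor> - <path>".
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, vendor, path = parts
        if vendor == "Unknown owner":
            reason = "no vendor name"
        elif "TODO" in vendor or ANGLE.search(vendor):
            reason = "placeholder vendor string"
        else:
            continue
        flagged.append({"name": name, "vendor": vendor,
                        "path": path, "reason": reason})
    return flagged


if __name__ == "__main__":
    print("angle-bracket tokens:", angle_tokens(SAMPLE_LOG))
    for svc in triage_services(parse_entries(SAMPLE_LOG)):
        print(f'{svc["reason"]:26} {svc["name"]} -> {svc["path"]}')
```
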
