Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Jacee help with HJT Log Please


24 Apr 2009   #1

 
 
Jacee help with HJT Log Please

Hello Jacee and the rest of the gang here, let me start off by saying i need help!

here is my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:16 PM, on 4/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Carson\Desktop\HiJackThis\HijackThis.exe
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - Global Startup: Azureus Vuze.lnk = E:\Program Files\Azureus\Azureus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\iassam32.dll
O20 - Winlogon Notify: qoMccYRj - qoMccYRj.dll (file missing)
O23 - Service: Google Update Service (gupdate1c9b31cd9abb7d3) (gupdate1c9b31cd9abb7d3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 3749 bytes

i wont be able to get back until after work tonight so until then have a great day.


My System SpecsSystem Spec
.

24 Apr 2009   #2

Windows 7 Ultimate x64 SP1
 
 

Hi jblade and welcome to Sevenforums,

Just letting you know these are forums for Windows 7, not Windows XP.
My System SpecsSystem Spec
24 Apr 2009   #3

Vista Ult 64bit - Windows 7 Ult 7264 64bit
 
 

Hi Airbot

jblade is here on my invitation, he's a friend from another forum and needed Jacee's help.
Plus we may be able to talk him into trying 7 out...
My System SpecsSystem Spec
.


24 Apr 2009   #4

Windows 7 Ultimate x64 SP1
 
 

Ok Chapster..thanks for letting me know.
My System SpecsSystem Spec
24 Apr 2009   #5

Vista Ult 64bit - Windows 7 Ult 7264 64bit
 
 

Sorry about that rather vicious beating I had to give you there Airbot, but I had to do what I had to do...

Anyway, I don't see anything extremely nasty in there, we do have the two items I pointed out to him on the other board we frequent, but I wanted Jacee to apply her formidable skill-set to the task to make sure.

Welcome jblade, and maybe we can talk you into going from that ancient OS to the newest and what we believe will be MS's biggest jump forward since XP SP2.
We find that many who couldn't run Vista are able to run Windows 7 with no major issues too, so maybe you can carve out a partition and give 7 a go.
My System SpecsSystem Spec
24 Apr 2009   #6

Slackware / Windows 7 x64 7100
 
 

Malwarebytes should take care of the two problems I see in that log.

O20 - AppInit_DLLs: C:\WINDOWS\System32\iassam32.dll
O20 - Winlogon Notify: qoMccYRj - qoMccYRj.dll (file missing)
My System SpecsSystem Spec
24 Apr 2009   #7

Vista Ult 64bit - Windows 7 Ult 7264 64bit
 
 

Hi sqdnguns

Both the same I saw, but he has run MBAM apparently and yet there they are still, although the Winlogn O20 entry shows File Missing.
I want Jacee to run thru with her other tools on this one as I think something may be lurking beneath the surface since he's having trouble running AV on the system too.
My System SpecsSystem Spec
24 Apr 2009   #8

Slackware / Windows 7 x64 7100
 
 

Have him try Dial-a-Fix, one of my former techs wrote this app when he was working for me.

http://wiki.lunarsoft.net/wiki/Dial-...C_and_articles

Have him check the policies button, select unhide and then rescan.

An updated Spybot S&D will actully clean out remnants of items MBAM missed.
My System SpecsSystem Spec
24 Apr 2009   #9

Windows 7 Ultimate x64 SP1
 
 

Quote:
Sorry about that rather vicious beating I had to give you there Airbot, but I had to do what I had to do...
lol....that's alright, I had to do what I had to do too.
My System SpecsSystem Spec
24 Apr 2009   #10
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Hi jblade,
Download Combofix from the link below, and save it to your desktop.<--Important
Link 1
Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.


This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run
***A guide and tutorial on "How to use Combofix" can be found here:
http://www.bleepingcomputer.com/comb...o-use-combofix
My System SpecsSystem Spec
Reply

 Jacee help with HJT Log Please




Thread Tools



Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:17 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33