#1  
Old 28-February-2015, 21:16
Twinkle's Avatar
Twinkle Twinkle is offline
Rambler
 
Join Date: Apr 2004
Location: Berkshire
Posts: 2,658
Question Hjt

Could someone please take a look at my log file?
I can't get rid off the red X ones!

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:10:28, on 28/02/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17183)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Woolley\Downloads\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
O4 - HKLM\..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe " "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe 1
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files (x86)\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [zzz_ImInstaller_] "" -startup -product
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxdiserv. exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TNI Launcher Service (TNISrvc) - TPV-INVENTA TECHNOLOGY CO., LTD. - C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10729 bytes
__________________
We can't all be a star*
But we can all Twinkle*
Reply With Quote
  #2  
Old 02-March-2015, 13:18
centaur's Avatar
centaur centaur is offline
Optimistic Curmudgeon
 
Join Date: Apr 2003
Location: Sunny sarf devon
Posts: 1,721
Default Re: Hjt

Hi Twinkle.

I've read through this file and yes, it looks like you have trojans. If you can identify those with a red X (except the Internet explorer 10 ! ) HiJackThis normally gives options to remove the ones identified as baddies, have you tried doing this ?

Sometimes you need to turn off the windows 'system restore' option before doing this, as they can replicate and change folders in the process of removal, and leaving 'system restore' turned on, will allow them to do this. Once you have cleared these bad files out, and rebooted the 'puter, as long as things work ok afterwards, it will be safe to turn on your system restore, and create a new restore point once the system is clean.

You should then run 'windows update' and look at the files to see if IE 11 is available and download it if so.

Good luck.

P.S. I don't understand why your Avast A/V hasn't picked these files up as dodgy. Have you got the latest version ?
__________________
If you can keep your head when those around are losing theirs, maybe you just don't understand the situation.........

Last edited by centaur; 02-March-2015 at 13:24.
Reply With Quote
  #3  
Old 02-March-2015, 22:03
Twinkle's Avatar
Twinkle Twinkle is offline
Rambler
 
Join Date: Apr 2004
Location: Berkshire
Posts: 2,658
Default Re: Hjt

Avast say I have the latest version. I will try the turning off system restore, that's probably why they came back. x
Not got update for I.E. yet. Hopefully soon.
__________________
We can't all be a star*
But we can all Twinkle*
Reply With Quote
  #4  
Old 03-March-2015, 11:03
Twinkle's Avatar
Twinkle Twinkle is offline
Rambler
 
Join Date: Apr 2004
Location: Berkshire
Posts: 2,658
Default Re: Hjt

Bad news! They have still come back.:(
__________________
We can't all be a star*
But we can all Twinkle*
Reply With Quote
  #5  
Old 05-March-2015, 10:23
centaur's Avatar
centaur centaur is offline
Optimistic Curmudgeon
 
Join Date: Apr 2003
Location: Sunny sarf devon
Posts: 1,721
Default Re: Hjt

Apologies for delay in replying.

Short of doing a claen reinstall of the OS, I'd try and find a knowledgeable friend/relative to look at it, or, bite the bullet and take it into a computer repair place.
Sorry I couldn't help, but it's difficult to do so from a distance. If you lived anywhere near me, I'd be happy to come and see if I could fix it for you.As it says in the profile, I'm in South Devon.

P.S. Last minute thought. Have you tried downloading using a LAN cable instead of wifi ?
__________________
If you can keep your head when those around are losing theirs, maybe you just don't understand the situation.........
Reply With Quote
  #6  
Old 05-March-2015, 17:10
Behemoth's Avatar
Behemoth Behemoth is offline
Trance Addict
 
Join Date: Apr 2001
Location: Cornwall
Posts: 2,720
Default Re: Hjt

It is lookig very much like a fresh Install of Windows might be needed, I'm only now getting to grips with Windows 8.1 - I found myself liking it when I had to reinstall Windows on my laptop that I bought it to put on my desktop.

IE 10 & 11 are seriously insecure and if you can find away to do it my advice would be to install FireFox or even Chrome. If you've got an unsued memory stick it might be worth popping round to a friends and downloading FireFox to that to install on your system.
__________________
Is the juice worth the squeeze ?
Reply With Quote
  #7  
Old 05-March-2015, 21:34
Twinkle's Avatar
Twinkle Twinkle is offline
Rambler
 
Join Date: Apr 2004
Location: Berkshire
Posts: 2,658
Default Re: Hjt

Thanks centaur, Love S. Devon. I don't drive, live in Berks.

Thanks Behemoth, might get sister to download it for me.
__________________
We can't all be a star*
But we can all Twinkle*
Reply With Quote
Reply

Tags
audio, bad, computer, context menu, delay, files, google, happy, hijack, hijackthis, intel, international, internet, line, live, lookup, online, phone, player, product, security, settings, software, tools, windows

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Hjt derby fan Spyware Removal 3 03-April-2010 15:52
Hjt Twinkle Spyware Removal 9 30-December-2008 21:15
IE6 Hijack & HJT! log GanjaCat Spyware Removal 0 17-December-2004 15:33
HJT! logfile The Wanderer Spyware Removal 1 08-September-2004 17:42
My HJT Logfile The Wanderer Spyware Removal 4 29-June-2004 18:38


All times are GMT +1. The time now is 07:50.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Copyright 1999-2014 The Scream!