Author Topic: HJT Analysis Please  (Read 2619 times)

Ragamuffin

  • Guest
HJT Analysis Please
« on: July 30, 2009, 04:43:29 AM »
After the problems I had over the last few days I was hoping now that everything is apparently in order (I've been running SUPERAntiSpyware, MBAM and avast scans daily with no problems) if someone could just double check this HJT log for me please? I'm looking in particular at the "O4 - HKLM\..\Run: [StorageGuard] "H:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" entry. I uninstalled Sonic Update Manager the other day, partly because it kept bringing up a PCTools Firewall Plus query box despite selecting the block option, and also because I'm fairly sure I don't use it for anything, but now every time I log in I get an error message from sgtray telling me it can't load resources and to reinstall the program. I don't really want to, as I said, I don't really have use for it, so would I be safe in "fixing" the "O4 - HKLM\..\Run: [StorageGuard] "H:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" entry?

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:28:11, on 30/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\PC Tools Firewall Plus\FWService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Saitek\Software\SaiSmart.exe
H:\Program Files\Saitek\Software\Profiler.exe
H:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Windows Media Player\WMPNSCFG.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\Windows Media Player\wmplayer.exe
H:\Program Files\Alwil Software\Avast4\ashSimpl.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.channel4.com/watch_online/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SaiSmart] H:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Profiler] H:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [NVMixerTray] "H:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "H:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [StorageGuard] "H:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00PCTFW] "H:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - H:\Program Files\PC Tools Firewall Plus\FWService.exe

--
End of file - 6754 bytes

CharleyO

  • Guest
Re: HJT Analysis Please
« Reply #1 on: August 02, 2009, 01:27:02 PM »
***

Hi Ragamuffin -

There are no known problems showing in your HJT log. That is very good!

As for the O4 entry you have asked about ... yes, it would be safe to let HJT fix that O4 entry since it is only the registry entry for Sonic Update Manager, which you have uninstalled. That should also stop the PCTools Firewall Plus query box notice.

Overview of running tasks:

smss.exe   
System task   
Session Manager Subsystem

winlogon.exe   
System task   
Microsoft Windows Logon Process

services.exe   
System task   
Windows Service Controller

lsass.exe   
System task   
Local Security Authority Service

nvsvc32.exe   
Application   
NVIDIA Driver Helper Service

svchost.exe   
System task   
Microsoft Service Host Process

svchost.exe   
System task   
Microsoft Service Host Process

aswUpdSv.exe   
Virusscan   
Avast Anti-Virus Component

ashServ.exe   
Virusscan   
Avast

spoolsv.exe   
System task   
Microsoft Printer Spooler Service

svchost.exe   
System task   
Microsoft Service Host Process

jqs.exe   
Backgroundtask   
jqs.exe

FWService.exe   
Firewall   
PC Tools Firewall Plus service

svchost.exe   
System task   
Microsoft Service Host Process

ashMaiSv.exe   
Virusscan   
Avast Anti-Virus Component

ashWebSv.exe   
Virusscan   
avast! Web Scanner

Explorer.EXE   
System task   
Microsoft Windows Explorer

SaiSmart.exe   
Driver   
Smart Button Special Sauce

Profiler.exe      (utility from Saitek that allows launching applications from the system tray bar.)
Unknown task      http://www.auditmypc.com/process/profiler.asp
Unknown task       http://www.bleepingcomputer.com/startups/Profiler.exe-4219.html

NVMixerTray.exe   
Driver   
NVIDIA NVMixerTray

PDVDServ.exe   
Backgroundtask   
PowerDVD Remote Control

RUNDLL32.EXE   
System task   
Microsoft Rundll32

ashDisp.exe   
Virusscan   
Avast AntiVirus

FirewallGUI.exe   
Firewall   
PC Tools Firewall GUI

ctfmon.exe   
System task   
Alternative User Input Services

WMPNSCFG.exe   
Backgroundtask   
Windows Media Player Network Sharing Service Confi

TeaTimer.exe   
Application   
Spybot S&D Realtime Scanner

wmplayer.exe   
Application   
Microsoft Windows Media Player

ashSimpl.exe   
Virusscan   
Virus scanner

firefox.exe   
Application   
Mozilla Firefox

HijackThis.exe   
Application   
Merijn Hijackthis


***
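The check behind the advice in Reply #1, as an added example that is not part of the original thread: parse the O4 autorun lines of a HijackThis log and list the entries whose target file no longer exists, which is what an uninstalled program's leftover Run value looks like. The function names, the `exists` predicate and the `PRESENT` file listing are assumptions made for this illustration; the log lines are copied from the log posted above.

```python
import re

# Shape of a HijackThis O4 line: O4 - <hive>\..\<Run key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Unquoted command: shortest prefix ending in an executable extension
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd))(?=[\s,]|$)", re.IGNORECASE)
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")

def first_path(cmd):
    """Return the leading program path of a command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]

def autorun_target(cmd):
    """File the autorun command actually loads; for rundll32 that is the DLL."""
    cmd = USER_SUFFIX_RE.sub("", cmd.strip())
    prog = first_path(cmd)
    if prog.lower().endswith("rundll32.exe"):
        rest = cmd[cmd.lower().find("rundll32.exe") + len("rundll32.exe"):].lstrip('" ')
        if rest:
            return first_path(rest)
    return prog

def orphaned_autoruns(log_text, exists):
    """(value name, target) for O4 entries whose absolute target fails exists()."""
    orphans = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        target = autorun_target(m.group("cmd")) if m else ""
        # Relative targets such as "nwiz.exe" resolve via PATH and are skipped
        if re.match(r"^[A-Za-z]:\\", target) and not exists(target):
            orphans.append((m.group("name"), target))
    return orphans

# Log lines copied from the post above; PRESENT is a constructed file listing.
SAMPLE_LOG = r'''O4 - HKLM\..\Run: [SaiSmart] H:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [StorageGuard] "H:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')'''
PRESENT = {r"h:\program files\saitek\software\saismart.exe",
           r"h:\windows\system32\nvcpl.dll", r"h:\windows\system32\ctfmon.exe"}

def sample_orphans():
    return orphaned_autoruns(SAMPLE_LOG, lambda p: p.lower() in PRESENT)
```

On the scanned machine itself, `os.path.exists` can be passed as the `exists` predicate instead of the constructed listing.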

YoKenny

  • Guest
Re: HJT Analysis Please
« Reply #2 on: August 02, 2009, 02:45:29 PM »
You should install User Profile Hive Cleanup Service:
Brief Description
A service to help with slow log off and unreconciled profile problems.

http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

See:
"CCleaner /Auto /Shutdown" is unreliable
http://forum.piriform.com/index.php?showtopic=23351

This is installed as standard with Vista and Windows 7
« Last Edit: August 03, 2009, 03:43:59 PM by YoKenny »

CharleyO

  • Guest
Re: HJT Analysis Please
« Reply #3 on: August 03, 2009, 03:37:58 PM »
***

Thanks for the extra info, YK.   :)


***