
Help Plz...

  • 03-12-2006 7:42pm
    #1
    Closed Accounts Posts: 37


    Logfile of HijackThis v1.99.1
    Scan saved at 19:33:04, on 03/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\hi\Local Settings\Temporary Internet Files\Content.IE5\KQ7MXDS9\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ie
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {37AC367C-7EF9-03AC-4AA9-E28BFA2895CD} - (no file)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O3 - Toolbar: Protection Bar - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F88D2678-B73F-40D0-9AB3-E261FDF9BAD8}: NameServer = 159.134.237.6 159.134.248.17
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


    Could someone tell me whether everything is ok or do i have any infections!?!?


Comments

  • Registered Users, Registered Users 2 Posts: 17,399 ✭✭✭✭r3nu4l


    OP, be very, very careful of taking advice on this log from posters here. Most will try to help you but you might find one or two "jokers" who tell you to "fix" a problem that will actually disable your machine...

    Far better to post it here but it will take a few days for them to answer.

    Mods, I suggest locking this to prevent any "issues" arising from potentially bad advice being given.


  • Closed Accounts Posts: 5,240 ✭✭✭Endurance Man


    r3nu4l wrote:
    OP, be very, very careful of taking advice on this log from posters here. Most will try to help you but you might find one or two "jokers" who tell you to "fix" a problem that will actually disable your machine...

    Far better to post it here but it will take a few days for them to answer.

    Mods, I suggest locking this to prevent any "issues" arising from potentially bad advice being given.

    :confused: I think most posters on the comps forum are trustworthy, I've never been given or seen people giving out wrong information on purpose. Sure people are wrong sometimes, but there will always be someone to correct them.
    I have no idea what the poster's problem is, perhaps it's more serious than I'm thinking?


  • Registered Users, Registered Users 2 Posts: 1,849 ✭✭✭Redisle


    You can paste that at http://hjt.networktechs.com/

    That gives you an auto analysis. I just pasted yours and there was nothing bad stood out.

    Is there a reason why you are posting a HJ log? Do you suspect you have a virus or are you just making sure you don't?


  • Registered Users, Registered Users 2 Posts: 7,541 ✭✭✭irlrobins


    r3nu4l wrote:
    Mods, I suggest locking this to prevent any "issues" arising from potentially bad advice being given.
    If we applied that rule then the majority of threads here would need locking. The whole point of the forum is to seek people's advice and opinion. And obviously it goes without saying that everything (you read on the internet) should be taken with a pinch of salt.

    Thread can continue.


  • Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    There's often a good deal of these sort of threads posted here, r3nu4l. :)

    OP, it looks clean to me at a quick glance. Is there something happening with your machine that you suspect an infection?


  • Registered Users, Registered Users 2 Posts: 14,012 ✭✭✭✭Cuddlesworth


    Seems ok, do you suspect an infection? Do you use Spyware Doctor?


  • Registered Users, Registered Users 2 Posts: 17,399 ✭✭✭✭r3nu4l


    Hi guys,

    Thanks for the responses (I learned something new :)) and yes, at first glance the log looks clean apart from some BHOs I don't recognise but with HJT logs I always err on the side of caution as one wrong click of the fix button can really mess up a machine (as I'm sure you all know).

    I know that most posters are going to know what they are doing and be careful with advice but there's nothing to stop someone registering an account for a "laugh" and causing havoc.

    Also, given the fact that there can sometimes be a time lag between posts (although not tonight :)) it may be too late for someone to correct an inaccurate post if the OP is not patient.

    As well as the links mentioned you can use http://www.hijackthis.de/
    It might be interesting to compare results from these sites :)

    Yes, it would be good of the OP to give some more info as to the problem being experienced.


  • Registered Users, Registered Users 2 Posts: 17,399 ✭✭✭✭r3nu4l


    OK, looking at this again I have to ask the OP, was the computer running very slowly when you ran HJT and got this log?

    The reason I ask is that you have a lot of instances of svchost.exe running (7 that I can see). Now, this is normal and svchost is a legitimate windows process but it is usually called to instigate a number of other processes and if there are a lot of copies running then the machine can slow down.

    Also, in my experience, sometimes svchost doesn't shut itself down once the tasks it called have finished running.

    See here for more info. There are also virus variants of svchost but your copies are being run from the correct folder so I doubt it's a virus.

    Now I don't know what type of machine you have...RAM/CPU speed etc but you do have a lot of processes running as well and if your machine is not very fast you could slow it down a lot.

    You are running a Nokia service, DVD Launcher, Dell DMX launcher, Windows Media Player, Firewall, Windows Defender, Spyware Doctor, Java, Sony Ericsson, PCSuite, QuickTime, Bluetooth agent, Peer Guardian...and so on...if your machine isn't capable of running all of these or slows down when you start PowerPoint or Excel etc. then this might be the problem.

    Of course, after all that I'm still assuming that the problem is the speed of your machine...which may not be the case at all :)
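
The check described in the post above (counting svchost.exe instances and confirming each copy runs from the expected folder), as an added example that is not part of the original thread. The expected-folder table assumes a default Windows XP install under C:\WINDOWS, and the sample log is constructed, including the out-of-place C:\WINDOWS\Temp\svchost.exe line.

```python
import ntpath
from collections import Counter

# Assumption: default Windows XP layout; adjust for a different %windir%.
EXPECTED_DIR = {name: r"c:\windows\system32" for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Constructed sample in HijackThis layout (not the OP's log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Temp\svchost.exe
C:\Program Files\Eset\nod32krn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ie/
"""

def running_processes(log_text):
    """Return the paths under 'Running processes:' (section ends at a blank line)."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_section = True
        elif in_section:
            if not line:
                break
            paths.append(line)
    return paths

def review_processes(log_text):
    """Count watched system processes and list copies outside their expected folder."""
    counts, misplaced = Counter(), []
    for path in running_processes(log_text):
        name = ntpath.basename(path).lower()
        if name not in EXPECTED_DIR:
            continue
        counts[name] += 1
        # Windows paths are case-insensitive, so compare normalised folders.
        # A correct folder is a heuristic only, not proof the file is genuine.
        if ntpath.normcase(ntpath.dirname(path)) != EXPECTED_DIR[name]:
            misplaced.append(path)
    return counts, misplaced

if __name__ == "__main__":
    print(review_processes(SAMPLE_LOG))
```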


  • Closed Accounts Posts: 5,240 ✭✭✭Endurance Man


    I know that most posters are going to know what they are doing and be careful with advice but there's nothing to stop someone registering an account for a "laugh" and causing havoc.

    Haven't seen this happen in the year and a half I've been posting here, not really an issue imo.


  • Registered Users, Registered Users 2 Posts: 17,399 ✭✭✭✭r3nu4l


    Haven't seen this happen in the year and a half I've been posting here, not really an issue imo.

    Haven't seen the OP come back since his (or her) seemingly urgent request for help :confused: Hope I haven't scared him (or her) off :eek:

    Good to hear that bad things haven't happened here, I know that Castlecops don't allow anyone who isn't a registered professional to respond to HJT log help requests because of problems in the past hence my initial 'worry' about the post :) Also I know of people who have deliberately posted incorrect information 'for kicks' in forums :mad:, they got kicked from said forums rather quickly :D

    On-topic: Has anyone seen anything really obviously wrong with that log? I haven't and can't figure out why help was/is needed...apart from a possible problem with too many services running at once. :confused:

