Win 7 running Slow on a laptop Can you check the Hijack This log

Free Antivirus Forum - Learn about antivirus, firewalls and personal security

BullGuard Antivirus Forum > Virus information > Alerts & New Threats > Win 7 running Slow on a laptop Can you check the Hijack This log

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

Pedra
New Member

Date Joined Aug 2008
Total Posts : 23

Posted 5/28/2010 1:43 PM (GMT +3)

Hi

I have been given a Win 7 laptop running x64 HP on a compaq Qosmio

Its started to run a little weird and I just wanted to check there are no hidden Virus's. The problem is certain software that runs on other versions of Win 7 will not run on this. I want to rule out a virus at this point.

Here is the log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:40:40, on 28/05/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Users\Yola\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BHOHOOK - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files (x86)\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Yola\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\ATService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: FortiClient SSL VPN (FortiSslvpnDaemon) - Fortinet Inc. - C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Launching Service (RapportLaunService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9445 bytes

Cheers

markusg
Senior Member

Date Joined Feb 2010
Total Posts : 605

Posted 5/28/2010 2:04 PM (GMT +3)

We can at first fix some autostart entries.
right klick hijackthis, run as admin.
klick scan, check the following:
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files (x86)\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
klick fix checked.
open your adobe reader, klick help and update. this laptop needs secunia and sandobx but later.
restart, post an malwarebytes log.

Pedra
New Member

Date Joined Aug 2008
Total Posts : 23

Posted 5/28/2010 2:20 PM (GMT +3)

Hi

Deleted the problems listed above and she started running alot quicker as soon as I did this.

Here is the Malware log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4151

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28/05/2010 12:18:37
mbam-log-2010-05-28 (12-18-37).txt

Scan type: Quick scan
Objects scanned: 116722
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Cheers

markusg
Senior Member

Date Joined Feb 2010
Total Posts : 605

Posted 5/28/2010 2:30 PM (GMT +3)

are any problems exsisting?
the mbam log looks good

Pedra
New Member

Date Joined Aug 2008
Total Posts : 23

Posted 5/28/2010 2:32 PM (GMT +3)

Other than the Fusion 32bit version refusing to work, everything else seems to be working dandy again. Just a thought, could it be the laptop is running Home Premium 64 and not 64bit Pro causing the 32bit of Fusion to work??

Otherwise all is good

markusg
Senior Member

Date Joined Feb 2010
Total Posts : 605

Posted 5/28/2010 2:48 PM (GMT +3)

you mean the windows xp mode?

Pedra
New Member

Date Joined Aug 2008
Total Posts : 23

Posted 5/28/2010 2:52 PM (GMT +3)

I have tried it in xp Comparability mode in both on Win 7 Home Premium 64. The 32bit version of the program refuses to run the gui but 64 runs perfectly. Tis Weird

markusg
Senior Member

Date Joined Feb 2010
Total Posts : 605

Posted 5/28/2010 3:33 PM (GMT +3)

hmm sorry i can not help you. some programs can not run under 64 bit and the 64 programs can not run under an 32 bit os. you can use virtual pc, make an vm and install there windows 32 bit.
ok some tipps.
For safer surfing try sandboxie:
www.sandboxie.com/index.php?GettingStarted
download
PSI (personal secunia software inspector)
secunia.com/vulnerability_scanning/personal/
this will help you to be up to date in the future.
Prevx safe online.
I use this tool, this protect you against data stealing techniques.
for example, you have an unknown malware and this will send your password to an backdoor server, it can protect you.
this tool is cloud based and net an internet conection to work korekt.
an test for better understanding:
info.prevx.com/download.asp?GRAB=IMMUNITY
please install the program:
pxnow.prevx.com/zeroL/PREVXFACEBOOK.EXE
it will start an "learn scan" let it run.
open your web browser. you will see the prevx safe online symbol.
klick it, select configure and set all to maximum.
screenshot:
www.pic-upload.de/view-5696014/prevx.jpg.html

select "safe"
have a look if all is working korekt, if not, tell me.
The program can also detect malware, but it can not remove it in this version. Please klick the symbol in the tray, select heuristik, set all to maximum.
klick now the "scan" buton.

now right klick the prevx symbol in the tray, select tool and safe log.
www.file-upload.net
klick "durchsuchen" search the log.
after this klick "datei hochladen"
post the download link
when you are installing much programms, you must set the age /popularity heuristik from maximum to high.
if you have problems to use prevx in the future, wilders have the prevx suport forum and you can open a thread.
www.wilderssecurity.com/

Pedra
New Member

Date Joined Aug 2008
Total Posts : 23

Posted 6/2/2010 5:50 PM (GMT +3)

Hi Sorry, the person took their laptop before I could finish the tests. :-S I haven't heard anything else so I think its working fine but I guess we will see.

Thanks

Forum Information

Currently it is Monday, May 20, 2013 4:54 PM (GMT +3)
There are a total of 59,521 posts in 13,140 threads.
In the last 3 days there were 3 new threads and 6 reply posts. View Active Threads