#49 My Log...your changes...

v1.0_(example)
closed
None
5
2013-11-11
2013-07-01
timdecker
No

This computer has been running a little slow. Could someone take a look at this log for me and see what I need to change? Thanks.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:35:59 PM, on 6/30/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
CHROME: 27.0.1453.116
FIREFOX: 21.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Users\Cristina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cristina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cristina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cristina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cristina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cristina\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5

--
End of file - 13511 bytes

Discussion

  • timdecker

    timdecker - 2013-07-01

    Please use this link instead to view the log file...

    http://pastebin.com/dACA9NEY

     
  • Loucif Kharouni

    Loucif Kharouni - 2013-07-05

    Hi,

    Please delete the following entries:
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll

    Also you may want to download HouseCall and scan your machine. Send me the log file or a screenshot of the windows showing if there is any infection:
    http://housecall.trendmicro.com/index.html

    Download and also scan your machine with the rootkit buster tool; it may help to tell us if you have a rootkit/keylogger:
    http://free.antivirus.com/us/rootkit-buster/index.html

    You can also download and install this small program that will tell you if your machine is a bot (part of a botnet) or not:
    http://free.antivirus.com/us/rubotted/

     
  • Loucif Kharouni

    Loucif Kharouni - 2013-07-05
    • status: open --> pending
    • assigned_to: Loucif Kharouni
     
  • Loucif Kharouni

    Loucif Kharouni - 2013-07-22

    No updates. Case closed, can be re-opened if needed.

     
  • Loucif Kharouni

    Loucif Kharouni - 2013-07-22
    • status: pending --> closed
     
