PC Forum PC Help Forum » Security & Safety » [Pending] HJT Logs » HELP! please with this hijack this log file...

  #1  
04-27-2008
stacie_1712
Bronze Member
Join Date: Apr 2008
Posts: 8
PC Experience: Some Experience
HELP! please with this hijack this log file...

My laptop has been running slow for some time now and no matter what I try, it does not seem to work. I can only restore my computer in safe mode and that only goes back 5 days; it won't allow me to restore in normal Windows mode for some reason. Also, whenever I do a Norton 360 check, it comes up every time that there is always 1 spyware on my computer, and then once the Norton check is over it states the file has been removed and fixed. But even if I do the check straight away after, it will still come up that 1 file has been fixed and removed.

I cannot seem to figure out what is causing the to always have the spyware on my computer.

I have used HijackThis and a file has been created... I was wondering, if I post this, whether someone will have a look and see if I have a virus/spyware on my computer and how to fix this?

Thank you!! x


AVG SCAN LOG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:58:57 27/04/2008
+ Scan result:

C:\Users\Stacie\AppData\Local\Temp\Cookies\stacie@sonyeurope.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Users\Stacie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stacie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Users\Stacie\AppData\Local\Temp\Cookies\stacie@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Users\Stacie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stacie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@connextra[3].txt -> TrackingCookie.Connextra : Cleaned.
C:\Users\Stacie\AppData\Local\Temp\Cookies\stacie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Users\Stacie\AppData\Local\Temp\Cookies\stacie@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Users\Stacie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stacie@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@e-2dj6wbmygidpgbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@e-2dj6wfkiskajoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@e-2dj6wfliggazslo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@e-2dj6wjl4qkczifo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@e-2dj6wjliomazako.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@e-2dj6wjloegdpeao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@e-2dj6wfkieoczcbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@e-2dj6wjmyoodzilo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Users\Stacie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stacie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Users\Stacie\AppData\Local\Temp\Cookies\stacie@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Users\Stacie\AppData\Local\Temp\Cookies\stacie@bs.serving-sys[3].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Users\Stacie\AppData\Local\Temp\Cookies\stacie@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Users\Stacie\AppData\Local\Temp\Cookies\stacie@serving-sys[3].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Users\Stacie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stacie@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.


::Report end


SUPER ANTISPYWARE LOG


SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
Generated 04/27/2008 at 04:43 PM
Application Version : 4.0.1154
Core Rules Database Version : 3412
Trace Rules Database Version: 1404
Scan type : Complete Scan
Total Scan Time : 00:38:58
Memory items scanned : 224
Memory threats detected : 0
Registry items scanned : 7523
Registry threats detected : 32
File items scanned : 18641
File threats detected : 35
Adware.MyWebSearch
[MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
[MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKU\S-1-5-21-3567600134-9918671-934510128-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
Adware.Tracking Cookie
C:\Users\Stacie\AppData\Local\Temp\Cookies\stacie@atdmt[1].txt
C:\Users\Stacie\AppData\Local\Temp\Cookies\stacie@bs.serving-sys[3].txt
C:\Users\Stacie\AppData\Local\Temp\Cookies\stacie@doubleclick[2].txt
C:\Users\Stacie\AppData\Local\Temp\Cookies\stacie@serving-sys[3].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tracking.summitmedia.co[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@ads.cartoondollemporium[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@www.xitigames[2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@xitigames[2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@apmebf[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@videoegg.adbureau[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@psychostats[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@ads.stardoll[2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@mywebsearch[2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@ad.uk.tangozebra[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@precisionclick[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@www.googleadservices[4].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@www.googleadservices[3].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@www.googleadservices[2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@www.googleadservices[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@adserver.mediarun[1].txt
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@virginmedia[2].txt
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@findarticles[2].txt
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@www.googleadservices[3].txt
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@www.googleadservices[2].txt
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@www.googleadservices[1].txt
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@ad.uk.tangozebra[1].txt
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@www.virginmedia[2].txt
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@adserver.mediarun[1].txt
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@a.findarticles[2].txt
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon@mywebsearch[1].txt
C:\Users\Stacie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stacie@adinterax[2].txt


HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:53, on 27/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Apoint\Apntex.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = News, Sport, Music, Movies, Money, Cars, Shopping and more from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S6176.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm021MXGB
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader2.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13283 bytes





Also... I get this come up in a Notepad file whenever my computer is started up:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

How do I get rid of that coming up, as it never used to pop up every time the computer is restarted?

thanks!!


  #2  
04-27-2008
ih8bills
Tech Team Leader
Join Date: Feb 2006
Location: coastal Rhode Island
Posts: 4,323
PC Experience: More Stubborn than any PC
Re: HELP! please with this hijack this log file...

Hi... Welcome to PCHF.

Forum Rules require that HJT logs must be analyzed by experienced Security Team Analysts. This is for your protection... and to give you our best service.

Our Security Team is always very busy-- and as we live all over the Earth...
Time-Zones are also an important factor.

Your patience is greatly appreciated.

Thank You



__________________


Without music, life would be a mistake
Friedrich Nietzsche
  #3  
05-04-2008
stacie_1712
Bronze Member
Join Date: Apr 2008
Posts: 8
PC Experience: Some Experience
Re: HELP! please with this hijack this log file...

Hi

How long does it usually take for someone to get a reply?

Many thanks
x


  #4  
05-12-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,085
PC Experience: Elite PC Guru
Re: HELP! please with this hijack this log file...

I don't see any malware in your log. It all looks fine.


__________________
My real name is Eddy
  #5  
05-12-2008
ih8bills
Tech Team Leader
Join Date: Feb 2006
Location: coastal Rhode Island
Posts: 4,323
PC Experience: More Stubborn than any PC
Re: HELP! please with this hijack this log file...

Stacie-- as your malware has come up clean-- we have to look elsewhere....
that "system root" file has me thinking the fastest solution for you may be a repair installation.

Do you have a full retail copy of Windows?
Or one of those "restore discs"?

If you have the restore disc-- you CAN use it-- but back up your irreplaceable files first. Pictures/music/business data/tax data...

Then do the restore-- those restore discs cannot do non-destructive restoration.
They just wipe and start over-- including software--everything.

The full retail copy can do a repair install without harming anything else.


  #6  
05-12-2008
stacie_1712
Bronze Member
Join Date: Apr 2008
Posts: 8
PC Experience: Some Experience
Re: HELP! please with this hijack this log file...

Hi!

Thanks for the reply. I cannot seem to do a system restore, as whenever it goes to restart and loads back up it states that it was unsuccessful. Plus it will only let me select to go back about 5 days; I cannot go any further.

My laptop came with Windows Vista already installed and I did not get a CD with this.

Many thanks

stacie x


  #7  
05-15-2008
stacie_1712
Bronze Member
Join Date: Apr 2008
Posts: 8
PC Experience: Some Experience
Re: HELP! please with this hijack this log file...

What should I try now?
Also, how do I get rid of that Notepad file that always comes up as soon as Windows has loaded up?

Many thanks


