View Full Version : HiJackThis Log

29-06-2009, 03:23 PM
Been getting laughing sounds when browsing on line.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:20 p.m., on 29/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238923493469&h=7a523ebe2f9bb575683de72228ad9ad7/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

End of file - 4014 bytes

29-06-2009, 03:26 PM
web scanner playing up?
could install sp2

29-06-2009, 03:38 PM
O13 - Gopher Prefix:

Done the usual malware scans yet?

29-06-2009, 03:47 PM
Scanned with Spyware Terminator, Malewarebytes & Spybott.
Re the Gopher Prefix, when I try to get rid of it, Spyware Terminator blocks the action for some reason. Could this be a problem?

29-06-2009, 03:50 PM
Disable Spyware Terminator-it probably thinks the file is infected and its clashed with HijackThis.

29-06-2009, 03:51 PM
web scanner playing up?
could install sp2

I'm downloading SP2 ATM.
What's a web scanner?

29-06-2009, 03:57 PM
your AV has a part which scans sites you go to , says something if it thinks the site is has spyware/malware etc

29-06-2009, 03:59 PM
Disable Spyware Terminator-it probably thinks the file is infected and its clashed with HijackThis.

Ok, I've killed the Gopher.

29-06-2009, 04:02 PM
your AV has a part which scans sites you go to , says something if it thinks the site is has spyware/malware etc

That will be Avast

29-06-2009, 09:28 PM
Do you use AIM?

29-06-2009, 10:40 PM
Do you use AIM?


30-06-2009, 12:59 PM
Dam laugh is still there today. Only hear it occationally.

30-06-2009, 01:08 PM
Is it all browsers?

30-06-2009, 01:10 PM
Could it be an ad on a website? Which website is laughing at you? :p

30-06-2009, 01:16 PM
Any chance you have anything relating to AOL -- If you do its your AOL Buddy List settings.

30-06-2009, 01:49 PM
Browser? I only use IE.

Could be an add on a website, I usually have several open. I'll just use one at a time & try to narrow the field. Havent heard it on this one.

Don't use AOL.

30-06-2009, 01:52 PM
Found it. It is a add.
Thanks for your help guys.

30-06-2009, 02:04 PM

Use Firefox with Adblock Plus if you want to block ads.

30-06-2009, 03:05 PM
I see the add has gone from the site now, probably had some complaints.