  1. #1
    Señor Member nofam's Avatar
    Join Date
    Feb 2008
    Location
    Mollywood
    Posts
    2,323

    HJT log if you're around Speedy et al?

    Can you guys please take a look at this?

    PC was infected with MyWebSearch, but Malwarebytes and S.A.S took care of that. Looks pretty clean?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:16:56 a.m., on 15/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Repair\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...1YYNZ_ZZzebXXX
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.stuff.co.nz
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O24 - Desktop Component 0: (no name) - https://www.nbnz.co.nz/images/lvl3/mo_obanking.gif

    --
    End of file - 4161 bytes
    .
    .
    .

    Got a natural pearl in my calloused hand
    ...Saved for the girl who could really understand
    ......What it takes to see
    .........The gold from the alchemy

  2. #2
    IT Contractor
    Join Date
    Feb 2005
    Posts
    2,677

    Re: HJT log if you're around Speedy et al?

    Originally posted by nofam:
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...1YYNZ_ZZzebXXX
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    The bolded line I would definitely remove. I've included the other lines simply because it looks like you have both Yahoo and Google toolbars installed, and while that theoretically isn't an issue, I just hate excessive toolbars :P
    Windows 7 x64 // i5-3570K // 16GB DDR3-1600 // GTX660Ti 2GB // Samsung 830 120GB SSD // OCZ Agility4 120GB SSD
    Windows 7 x64 // Phenom II 955 // 8GB DDR3-1333 // GTX460 1GB // Corsair Force3 120GB SSD
    Samsung Galaxy S4 GT-I9505

  3. #3
    Unknown Device wratterus's Avatar
    Join Date
    Apr 2007
    Location
    Top of the South
    Posts
    12,338

    Re: HJT log if you're around Speedy et al?

    Wow, clean as a whistle!

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...1YYNZ_ZZzebXXX

    That needs to go.


    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    You can get rid of that.


    O4 - Global Startup: AutorunsDisabled

    I assume that's supposed to be there?
    Microsoft: "You've got questions. We've got dancing paperclips."
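
Added example, not part of the original thread: a small Python triage pass over HijackThis-style entry lines that reproduces the two checks made in the replies above (an entry whose target is `(no file)`, and an entry pointing at the MyWebSearch domain). The watchlist, function names and rule wording are assumptions; the sample lines are an excerpt of the log posted in #1.

```python
import re
from typing import NamedTuple

# Assumption: the watchlist holds only the domain this thread identifies as unwanted.
UNWANTED_DOMAINS = {"mywebsearch.com"}
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")   # e.g. "O8 - Extra context ..."
HOST_RE = re.compile(r"https?://([^/\s:]+)", re.IGNORECASE)

class Finding(NamedTuple):
    section: str
    reason: str
    line: str

def parse_entries(log_text):
    """Yield (section, body) for each 'Xn - ...' line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group(1), m.group(2)

def host_is_unwanted(host):
    # Match the domain itself or a subdomain, never a bare substring,
    # so "mywebsearch.com.example.net" is not treated as a hit.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in UNWANTED_DOMAINS)

def triage(log_text):
    findings = []
    for section, body in parse_entries(log_text):
        line = f"{section} - {body}"
        if body.endswith("(no file)"):
            findings.append(Finding(section, "orphaned entry: target file missing", line))
        for host in HOST_RE.findall(body):
            if host_is_unwanted(host):
                findings.append(Finding(section, f"references unwanted domain {host}", line))
    return findings

# Excerpt of the log from post #1 (truncated URL kept exactly as posted).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...1YYNZ_ZZzebXXX
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

A flagged line is only a candidate for review; whether to fix it in HijackThis is still a judgement call, as with the AutorunsDisabled entry discussed in the thread.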

  4. #4
    Señor Member nofam's Avatar
    Join Date
    Feb 2008
    Location
    Mollywood
    Posts
    2,323

    Re: HJT log if you're around Speedy et al?

    Originally posted by wratterus:
    Wow, clean as a whistle!

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...1YYNZ_ZZzebXXX

    That needs to go.


    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    You can get rid of that.

    Thanks for pointing out the mywebsearch item guys - I did the HJT scan at 6:30am, so was still half-asleep!!


    O4 - Global Startup: AutorunsDisabled

    I assume that's supposed to be there?



    Yeah it is Wrat - I use Autoruns from Sysinternals to disable apps on startup. . . it's a great bit of kit! (As is everything that Mark Russinovich does!)
