-
January 21st, 2013, 12:19 PM
#1
homepage was hijacked snap.do
this is my hijack this file
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:28 PM, on 1/21/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Charles Lecouras\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Charles Lecouras\Local Settings\Application Data\Smartbar\Application\SnapDo.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=63fe156d-fda1-4a22-bec7-3b4ddfb99426&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=63fe156d-fda1-4a22-bec7-3b4ddfb99426&searchtype=ds&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=Verti...&searchtype=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=63fe156d-fda1-4a22-bec7-3b4ddfb99426&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=63fe156d-fda1-4a22-bec7-3b4ddfb99426&searchtype=ds&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=aut...=1.2.0002.2(B)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: ShopAtHome - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Documents and Settings\Charles Lecouras\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Documents and Settings\Charles Lecouras\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShopAtHomeWatcher] C:\Documents and Settings\Charles Lecouras\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Charles Lecouras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\Charles Lecouras\Local Settings\Application Data\Smartbar\Application\SnapDo.exe startup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://my.earthlink.net
O15 - Trusted Zone: http://webmail.earthlink.net
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: APC Data Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
--
End of file - 9071 bytes
-
January 21st, 2013, 12:47 PM
#2
Registered User
You can paste the log in at http://hijackthis.de. Here is the short analysis.
[?] - C:\Program Files\AVG\AVG2012\avgemcx.exe
[?] - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
[?] - C:\Documents and Settings\Charles Lecouras\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
[?] - O2 - BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll
[?] - O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
[N] - O2 - BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
[?] - O2 - BHO: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll
[?] - O4 - HKLM\..\Run: [ShopAtHomeWatcher] C:\Documents and Settings\Charles Lecouras\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
[?] - O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\Charles Lecouras\Local Settings\Application Data\Smartbar\Application\SnapDo.exe startup
[?] - O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
Check the ones with the snap do, and if you do not want the shop at home, get rid of it also.
Sergeant WOTPP
-
January 21st, 2013, 01:03 PM
#3
where do I find the file that I have to change?
When I run HijackThis the scan button is not active
Last edited by travistee; January 21st, 2013 at 01:11 PM.
-
January 21st, 2013, 01:28 PM
#4
this is my new hijack this file after checking the shop at home and snap.do
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:23:50 PM, on 1/21/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Charles Lecouras\Local Settings\Application Data\Smartbar\Application\SnapDo.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=63fe156d-fda1-4a22-bec7-3b4ddfb99426&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=63fe156d-fda1-4a22-bec7-3b4ddfb99426&searchtype=ds&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=Verti...&searchtype=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=63fe156d-fda1-4a22-bec7-3b4ddfb99426&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=63fe156d-fda1-4a22-bec7-3b4ddfb99426&searchtype=ds&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=aut...=1.2.0002.2(B)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Charles Lecouras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\Charles Lecouras\Local Settings\Application Data\Smartbar\Application\SnapDo.exe startup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://my.earthlink.net
O15 - Trusted Zone: http://webmail.earthlink.net
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: APC Data Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
--
End of file - 8270 bytes
-
January 21st, 2013, 04:24 PM
#5
Registered User
Get rid of the first R1 entry. You can paste your own log file in at http://hijackthis.de. Then tell it to analyze it. Follow the recommendations.
Sergeant WOTPP
-
January 21st, 2013, 05:11 PM
#6
Registered User
These don't belong
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\Charles Lecouras\Local Settings\Application Data\Smartbar\Application\SnapDo.exe startup
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Verti...iTechnology&co=US&userid=63fe156d-fda1-4a22-bec7-3b4ddfb99426&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Verti...iTechnology&co=US&userid=63fe156d-fda1-4a22-bec7-3b4ddfb99426&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Verti...iTechnology&co=US&userid=63fe156d-fda1-4a22-bec7-3b4ddfb99426&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Verti...iTechnology&co=US&userid=63fe156d-fda1-4a22-bec7-3b4ddfb99426&searchtype=ds&q={searchTerms}
C:\Documents and Settings\Charles Lecouras\Local Settings\Application Data\Smartbar\Application\SnapDo.exe
One Script to rule them all.
One Script to find them.
One Script to bring them all,
and clean up after itself.
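An added example, not part of any post in this thread: a small Python triage script that diffs a "before" and "after" HijackThis log and reports which flagged entries were actually removed and which persist, the comparison the replies above do by eye. The sample logs are constructed, abbreviated excerpts of the two logs posted here, and the keyword list and function names are assumptions made for this example.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "R0 - ..." or "O4 - ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Assumed keywords for this thread's unwanted software (not a general blocklist).
KEYWORDS = ["snap.do", "snapdo", "smartbar", "shopathome"]

# Constructed, abbreviated excerpt of the first log in the thread.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=Verti...&searchtype=hp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O3 - Toolbar: ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Documents and Settings\Charles Lecouras\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\Charles Lecouras\Local Settings\Application Data\Smartbar\Application\SnapDo.exe startup
"""

# Constructed, abbreviated excerpt of the second log (after the first fix attempt).
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=Verti...&searchtype=hp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\Charles Lecouras\Local Settings\Application Data\Smartbar\Application\SnapDo.exe startup
"""


def parse_entries(log_text):
    """Return the set of (section code, details) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body")))
    return entries


def flagged(entries, keywords):
    """Keep only entries whose details contain one of the keywords (case-insensitive)."""
    lowered = [k.lower() for k in keywords]
    return sorted(e for e in entries if any(k in e[1].lower() for k in lowered))


def triage(before_text, after_text, keywords):
    """Compare two logs: flagged entries removed, flagged entries still present, new entries."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": flagged(before - after, keywords),
        "still_present": flagged(before & after, keywords),
        "added": sorted(after - before),  # anything new deserves a look, flagged or not
    }


if __name__ == "__main__":
    result = triage(BEFORE_LOG, AFTER_LOG, KEYWORDS)
    for status in ("removed", "still_present", "added"):
        print(status.upper())
        for code, body in result[status]:
            print(f"  {code} - {body}")
```

On these excerpts the BHO and toolbar entries show as removed, while the HKCU Start Page value and the `SnapDo.exe` Run entry are still present, which is why the homepage setting would keep coming back until the startup entry and its program are dealt with.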
-
January 21st, 2013, 09:26 PM
#7
Registered User
I can only say get Malwarebytes, install it, update it and run it with a full Scan.
Then do yourself a favor and trashcan AVG
-
January 22nd, 2013, 05:37 AM
#8
Super Moderator
MSE (Microsoft Security Essentials) is a good replacement for AVG.
--
Doc ___________Microsoft Safety & Security Center___________
\____________________ ____.-.____ ____________________/
\_____________\ -._)!(_.- /_____________/
\_______\. ~\ /~ ./_______/
\_______/
"Men never do evil so completely and cheerfully as when they do it from religious conviction" -Blaise Pascal
-
January 22nd, 2013, 08:46 AM
#9
Registered User
MSE is not that good anymore as it is now ranked #20. For a free version, you would be better off with AVAST.
It's not the computers that keep having problems, it's the users!!
-
January 22nd, 2013, 11:09 AM
#10
Registered User
Originally Posted by Zonie
MSE is not that good anymore as it is now ranked #20. For a free version, you would be better off with AVAST.
I agree, as much as I find AVAST to be intrusive and annoying it is far more secure than Microsoft Security Essentials. Honestly I would go the paid route if I were you. NOD32 is my preferred anti-virus. It's well rounded and reliable. Further note, only get the anti-virus version and not the security suite of any AV. The security suites come with automated firewalls and tweaks that cause more headache than good. If you want a firewall hardware ones are the ones to go with, provided you know how to set one up. The software ones just guess, and poorly at that.
One Script to rule them all.
One Script to find them.
One Script to bring them all,
and clean up after itself.
-
January 22nd, 2013, 06:16 PM
#11
Registered User
TrendMicro is ending support for HijackThis. Frankly, it's become a tool that's OK for reporting symptoms, but not for diagnosing the disease. MalwareBytes Anti-Malware has really become one of the must have tools. Recently, I've changed my mind about coughing up the cash to register MBAM Pro, and I recommend doing it. I've had too many clients who run regular scans with the free MBAM, but never update the database or the software. Little hint here; running a MBAM scan with a version of the program that's 4 versions old with a database 170 days out of date really isn't very useful. Just go Pro.
I don't think I'll comment on all the freeware AV protection available, except to say that AVG sucks and has sucked for more than a decade, plus Microsoft Security Essentials (no matter how often and strongly you see it recommended) is at best a mediocre product.
Case in point, a client brought me a computer that had obvious malware issues. It had MSE installed, and every time the computer booted, MSE reported that it had detected an Alureon.A infection, and instructed me to run a scan with MSE Offline. That's a utility that lets you build a bootable ISO image or create a bootable pendrive to clean those infections that MSE can't handle in standard mode.
So, I built a disc, ran a full scan from it, and MSE Offline didn't detect any infections, rebooted, and YOWZA! there was another message from MSE suggesting I run MSE Offline. I thought I'd be fair, so I did a rinse and repeat with the same results.
Going back to my standard regimen of TDSSKiller, followed by ComboFix, then a full scan with MBAM got the computer clean. A supplemental scan with Eset's Online Scanner came up clean.
So, I don't find MSE to be a top-tier security product. You can check its performance on VirusBulletin.com or AV-Comparatives, and it just doesn't perform all that well. People push it because it has a small resource footprint, is mistakenly considered "good enough", and is unobtrusive.
I install it for many of my older clients, because they don't always deal well with alerts from other AV software, but I always bundle it with a MBAM Pro subscription, and I always set the scheduled scan to Full Scan. In fact, one of the things that truly pisses me off about antimalware software, is that it doesn't default to a Full Scan for scheduled scans. WTF, if you run a scheduled scan at 2:00 AM, who cares if it takes 3 hours to run vs. an hour for a Quick Scan?
Last edited by slgrieb; January 22nd, 2013 at 06:19 PM.