HJT Logfile!


adthegreat-

I'm cleaning my computer out, I've run AVG, Spybot and Ad-aware and now HJT, and I was wondering if a techie could take a look at my attempts at getting rid of all resource hogs, or unnecessaries.

Logfile of HijackThis v1.99.1
Scan saved at 21:29:24, on 02/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\DOCUME~1\Ad\LOCALS~1\Temp\Rar$EX00.640\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adamsteele.co.uk/homepage.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Thanks in advance..

8)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

I'm pretty sure that is spyware

Need someone to check over

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

and

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

Looks pretty clean actually.

The missing file for MSN mentioned above is a common problem for anyone with MSN. A reinstall won't replace the file, neither will an install > repair. I think Microsoft forgot to take out a piece of code on a previous update. You can remove it, it won't hurt a thing.

As for the Java "button" entry, that is what makes "Java Sun Console" appear in the Tools menu of IE.

The one entry I would be actually concerned about is

C:\WINDOWS\stsystra.exe

stsystra is normally a process for Sigmatel Audio chips (onboard), also known as SigmaTel C-Major Audio Tray App.

As you are running a Dell (so it seems from your log), you may just have that chip, and if you are not having any problems, leave it. Just keep in mind that some spyware has been known to disguise itself as stsystra and dump itself into WINDOWS or WINDOWS\system32.

Just a note for the future though: place HJT in a folder other than a Temp :)
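
The checks made in the reply above (entries whose file is gone, a binary in C:\WINDOWS worth verifying, a tool running from Temp) can be run over a HijackThis log with a short script. This is an added example, not part of the original posts; the allowlist and the finding labels are assumptions, and the sample lines are taken from the log in this thread with the `.exe` suffix restored.

```python
import re

# Constructed sample: a few lines from the log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\stsystra.exe
C:\DOCUME~1\Ad\LOCALS~1\Temp\Rar$EX00.640\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")   # e.g. "O9 - ..."
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)      # bare process path
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")          # target file is gone
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
# A file sitting directly in WINDOWS or WINDOWS\system32.
WIN_ROOT = re.compile(r"^[A-Za-z]:\\windows\\(?:system32\\)?[^\\]+$", re.IGNORECASE)
# Assumed allowlist of stock XP processes seen in this log; not exhaustive.
KNOWN_SYSTEM = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "spoolsv.exe", "explorer.exe"}


def triage(log_text):
    """Return (section, finding, line) tuples for lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        entry = ENTRY.match(line)
        if entry and ORPHAN.search(entry["body"]):
            # Registry entry pointing at a file that no longer exists.
            findings.append((entry["code"], "orphaned", line))
        elif PROCESS.match(line):
            name = line.rsplit("\\", 1)[1].lower()
            if TEMP_DIR.search(line):
                findings.append(("proc", "runs-from-temp", line))
            elif WIN_ROOT.match(line) and name not in KNOWN_SYSTEM:
                # Not a verdict: check the publisher and hash before acting.
                findings.append(("proc", "verify-binary", line))
    return findings


if __name__ == "__main__":
    for section, finding, line in triage(SAMPLE_LOG):
        print(f"{section:5} {finding:15} {line}")
```
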
