passwords saved previously now not - help !

[Deleted User]

Comparison of your HijackThis log file items to others

The table below compares the items HijackThis found on your computer with those on other people's computers. The column "% of PCs with item" indicates what percent of other people's HijackThis log files contain the item in that row of the table. Additional information will be provided as more HijackThis log files are added to the AnalyzeThis database.
Each entry is coded to indicate the type of item it is on your computer. An explanation of these codes may be found at the bottom of this page.


Index% of PCs with itemCodeData10.0%O1[URL="javascript:void(0)"]::1 localhost[/URL]20.0%O13[URL="javascript:void(0)"][/URL]680.0%O8[URL="javascript:void(0)"]Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm[/URL]690.0%O8[URL="javascript:void(0)"]Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm[/URL]700.0%O8[URL="javascript:void(0)"]Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html[/URL]750.0%P01[URL="javascript:void(0)"]C:\WINDOWS\Explorer.EXE[/URL]760.0%P01[URL="javascript:void(0)"]C:\Program Files\Internet Explorer\iexplore.exe[/URL]770.0%P01[URL="javascript:void(0)"]C:\WINDOWS\system32\wuauclt.exe[/URL]780.0%P01[URL="javascript:void(0)"]C:\WINDOWS\System32\hkcmd.exe[/URL]790.0%P01[URL="javascript:void(0)"]C:\WINDOWS\system32\igfxpers.exe[/URL]800.0%P01[URL="javascript:void(0)"]C:\PROGRA~1\mcafee.com\agent\mcagent.exe[/URL]810.0%P01[URL="javascript:void(0)"]C:\WINDOWS\system32\igfxsrvc.exe[/URL]820.0%P01[URL="javascript:void(0)"]C:\Windows\system32\taskeng.exe[/URL]830.0%P01[URL="javascript:void(0)"]C:\Windows\system32\Dwm.exe[/URL]840.0%P01[URL="javascript:void(0)"]C:\Program Files\Dell\QuickSet\quickset.exe[/URL]850.0%P01[URL="javascript:void(0)"]C:\WINDOWS\system32\WLTRAY.exe[/URL]860.0%P01[URL="javascript:void(0)"]C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[/URL]870.0%P01[URL="javascript:void(0)"]C:\Program Files\Windows Sidebar\sidebar.exe[/URL]880.0%P01[URL="javascript:void(0)"]C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[/URL]890.0%P01[URL="javascript:void(0)"]C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe[/URL]900.0%P01[URL="javascript:void(0)"]C:\PROGRA~1\mcafee\msc\mcuimgr.exe[/URL]910.0%P01[URL="javascript:void(0)"]C:\Program Files\Dell Support Center\bin\sprtcmd.exe[/URL]920.0%P01[URL="javascript:void(0)"]C:\Program Files\SetPoint\SetPoint.exe[/URL]930.0%P01[URL="javascript:void(0)"]C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[/URL]940.0%P01[URL="javascript:void(0)"]C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[/URL]950.0%P01[URL="javascript:void(0)"]C:\Program Files\Windows Live\Contacts\wlcomm.exe[/URL]960.0%P01[URL="javascript:void(0)"]C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[/URL]970.0%P01[URL="javascript:void(0)"]C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe[/URL]980.0%P01[URL="javascript:void(0)"]C:\Program Files\OpenOffice.org 3\program\soffice.exe[/URL]990.0%P01[URL="javascript:void(0)"]C:\Program Files\OpenOffice.org 3\program\soffice.bin[/URL]1000.0%P01[URL="javascript:void(0)"]C:\Program Files\Dell\DellDock\DellDock.exe[/URL]1010.0%P01[URL="javascript:void(0)"]C:\Program Files\Windows Live\Messenger\msnmsgr.exe[/URL]1020.0%P01[URL="javascript:void(0)"]C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe[/URL]1030.0%P01[URL="javascript:void(0)"]C:\Program Files\TrendMicro\HijackThis\HijackThis.exe[/URL]1040.0%P01[URL="javascript:void(0)"]C:\Program Files\DellTPad\Apoint.exe[/URL]1050.0%P01[URL="javascript:void(0)"]C:\Program Files\DellTPad\Apntex.exe[/URL]1060.0%P01[URL="javascript:void(0)"]C:\Program Files\DellTPad\HidFind.exe[/URL]1070.0%P01[URL="javascript:void(0)"]C:\Program Files\IDT\WDM\sttray.exe[/URL]1080.0%R0[URL="javascript:void(0)"]HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157[/URL]1090.0%R0[URL="javascript:void(0)"]HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =[/URL]1100.0%R0[URL="javascript:void(0)"]HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =[/URL]1110.0%R0[URL="javascript:void(0)"]HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =[/URL]1120.0%R0[URL="javascript:void(0)"]HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157[/URL]1130.0%R1[URL="javascript:void(0)"]HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896[/URL]1140.0%R1[URL="javascript:void(0)"]HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896[/URL]1150.0%R1[URL="javascript:void(0)"]HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896[/URL]1160.0%R1[URL="javascript:void(0)"]HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/[/URL]1170.0%R1[URL="javascript:void(0)"]HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2[/URL]

[Deleted User]

Explanation of the codes

R - Registry, StartPage/SearchPage changes

• R0 - Changed registry value
• R1 - Created registry value
• R2 - Created registry key
• R3 - Created extra registry value where only one should be

F - IniFiles, autoloading entries

• F0 - Changed inifile value
• F1 - Created inifile value
• F2 - Changed inifile value, mapped to Registry
• F3 - Created inifile value, mapped to Registry

N - Netscape/Mozilla StartPage/SearchPage changes

• N1 - Change in prefs.js of Netscape 4.x
• N2 - Change in prefs.js of Netscape 6
• N3 - Change in prefs.js of Netscape 7
• N4 - Change in prefs.js of Mozilla

O - Other, several sections which represent:

• O1 - Hijack of auto.search.msn.com with Hosts file
• O2 - Enumeration of existing MSIE BHO's
• O3 - Enumeration of existing MSIE toolbars
• O4 - Enumeration of suspicious autoloading Registry entries
• O5 - Blocking of loading Internet Options in Control Panel
• O6 - Disabling of 'Internet Options' Main tab with Policies
• O7 - Disabling of Regedit with Policies
• O8 - Extra MSIE context menu items
• O9 - Extra 'Tools' menuitems and buttons
• O10 - Breaking of Internet access by New.Net or WebHancer
• O11 - Extra options in MSIE 'Advanced' settings tab
• O12 - MSIE plugins for file extensions or MIME types
• O13 - Hijack of default URL prefixes
• O14 - Changing of IERESET.INF
• O15 - Trusted Zone Autoadd
• O16 - Download Program Files item
• O17 - Domain hijack
• O18 - Enumeration of existing protocols and filters
• O19 - User stylesheet hijack
• O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
• O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
• O22 - SharedTaskScheduler autorun Registry key
• O23 - Enumeration of NT Services
• O24 - Enumeration of ActiveX Desktop Components

i am really none the wiser so hope someone can help

jinky67

I had loads of problems with Sweet IM:cool:

aliEnRIK

Very suprised malwarebytes never flagged it. can you simply just uninstall SWEET IM?

As for the hijack log, im unsure whats happened there
Run it again and Click DO A SCAN AND SAVE A LOGFILE
This will auto open notepad. Its the notepad log I want and it will look something like this ~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:05 PM, on 24/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHook32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files (x86)\Registry Mechanic\RMTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\tripsmmm\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\rmtray.exe /H
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Registration Assassin's Creed.LNK = C:\Program Files (x86)\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7500 bytes

[Deleted User]

i did have something like that but it wouldn't let me copy it.
my password is saving again now so i am a bit confused as to what happened

thankyou for all your help ,, i am going to uninstall anyway just to be on the safe side.

aliEnRIK

It wouldnt let you copy the notepad file? The main problem with sweet im is that it includes a toolbar. Its the toolbar thats the general problem and causes quite a few issues

[Deleted User]

oh ok i will uninstall that first and see what happens
thankyou

jinky67

mummyof5 wrote: »

oh ok i will uninstall that first and see what happens
thankyou

even after I uninstalled it, it was still showing up on scans for about 3 weeks:mad:

seems to be gone now though:cool:

aliEnRIK

mummyof5 wrote: »

oh ok i will uninstall that first and see what happens
thankyou

Id personally recommend you remove the lot

[Deleted User]

aliEnRIK wrote: »

Id personally recommend you remove the lot

i have done now thanks again
mse won't give me access to your thanks button :mad: