Results 1 to 4 of 4

Thread: Please look at my Hijackthis log

  1. 03-15-2005, 03:49 AM #1
    Sasage
    Sasage is offline
    Poster
    Join Date
    Nov 2002
    Location
    Michigan
    Posts
    249
    Hey,

    I have been having major spyware/redirecting problems.
    Please take a look and tell me if I need to get rid of something.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:34:21 PM, on 3/14/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
    C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
    C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
    C:\Program Files\NowWAP\WAP3GXNT.EXE
    C:\Program Files\NowWAP\WAP3GXS.EXE
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Java\j2re1.4.2\bin\javaw.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Nathan\LOCALS~1\Temp\Rar$EX00.656\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
    O4 - Global Startup: Enable Wireless Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
    O4 - Global Startup: SATARaid.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemp...veSekurity.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/075b32cc...p/RdxIE601.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{85883902-4F1A-4FF6-A5E0-539DBB5163B9}: NameServer = 192.168.1.1
    O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\en42l1ho1.dll
    O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Now.WAP Proxy Gateway Service (WAP3GX) - Unknown owner - C:\Program Files\NowWAP\WAP3GXNT.EXE
    Reply With Quote Reply With Quote
  3. 03-15-2005, 03:56 AM Software & Hardware   -   #2
    tesco
    tesco is offline
    tesco's Avatar woowoo
    Join Date
    Aug 2003
    Location
    Canadia
    Posts
    21,669
    www.hijackthis.de

    edit:
    fix this:
    R3 - Default URLSearchHook is missing


    that's all the looks bad.
    Last edited by tesco; 03-15-2005 at 03:57 AM.
    Reply With Quote Reply With Quote
  5. 03-15-2005, 03:59 AM Software & Hardware   -   #3
    Sasage
    Sasage is offline
    Poster
    Join Date
    Nov 2002
    Location
    Michigan
    Posts
    249
    By fixed do you mean deleted?
    Reply With Quote Reply With Quote
  7. 03-15-2005, 04:18 AM Software & Hardware   -   #4
    tesco
    tesco is offline
    tesco's Avatar woowoo
    Join Date
    Aug 2003
    Location
    Canadia
    Posts
    21,669
    Quote Originally Posted by Sasage
    By fixed do you mean deleted?
    I suppose.
    But in hijackthis! you click "fix selected" not "delete"
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Page Generation Time
0.09
Number of Queries
15
Links: Talkgold Forum | AdServices