Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Log Please Help


  • Please log in to reply
1 reply to this topic

#1 Spieler

Spieler

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 09 July 2005 - 08:20 AM

I have XPhome SP2, I have noticed slow running, and Norton's kept turning itself off.

I have updated and run Spybot and Adaware SE. I have also been using Norton's, Mcafie, XP firewall. I have tried Xoftspy Spywareblaster Spywarenuker, escan ....

btw escan seems to have corrupted Nortons.


Dogpile has Hijack warning window popup, during operation,but finishes as clean.

IE and Opera both have clickit.go2net addresses when I use dogpile.com.

Please help with my Hijackthis log (I now realise how extremely busy this site is, when I scrolled through trying to find my post!!!!!!!!):-

Logfile of HijackThis v1.99.1
Scan saved at 14:03:26, on 09/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\PROGRA~1\eScan\TRAYSSER.EXE
D:\PROGRA~1\eScan\avpm.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Spyware Nuker 2004\swn2.exe
D:\PROGRA~1\eScan\TRAYICOS.EXE
D:\PROGRA~1\eScan\AVPMWrap.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\eScan\MAILDISP.EXE
D:\Program Files\ATI Multimedia\main\launchPd.EXE
D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
D:\PROGRA~1\eScan\MAILSCAN.EXE
D:\PROGRA~1\eScan\SPOOLER.EXE
D:\PROGRA~1\eScan\kavss.exe
D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
D:\Program Files\IEEE 802.11g Wireless LAN Utility\wlanUtl.exe
D:\Program Files\PC-TV\WinManager\WinManager.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\PROGRA~1\eScan\AvpM.exe
D:\WINDOWS\system32\wpabaln.exe
D:\PROGRA~1\eScan\eScanWin.exe
D:\PROGRA~1\eScan\kavss.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avforums.com/forums/showthread....25&page=1&pp=15
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.flexi-surf.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.a1surf.com/surfcheck-sw-forecast.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Flexi Surf
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Spyware Nuker] D:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKLM\..\Run: [MailScan Dispatcher] "D:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] D:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] D:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchPd.EXE"
O4 - HKCU\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: IEEE 802.11g Wireless LAN Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinManager.lnk = D:\Program Files\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: Download using LeechGet - file://D:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://D:\Program Files\LeechGet 2004\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.flexi-surf.co.uk/
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D3F4B91-14C5-4472-8A7C-38BA47A62258}: NameServer = 10.0.0.2
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - D:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: eScan Server-Updater (eScan-trayicos) - Unknown owner - D:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - D:\PROGRA~1\eScan\avpm.exe
O23 - Service: McAfee Firewall - Unknown owner - D:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - D:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Edited by Spieler, 10 July 2005 - 07:55 AM.


BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:08:42 AM

Posted 11 July 2005 - 08:26 AM

If you still need help, could you post a fresh log please?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users