hijack log file

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

kirghis

Thread Starter
Joined
Aug 30, 2003
Messages
37
Hi, Can someone please take a look at this Hijack file , and tell me if there are any problems...Thank you.


Logfile of HijackThis v1.96.2
Scan saved at 20:25:01, on 10/09/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\NotifyPhoneBook.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\kyenghis\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by btclick.com
O1 - Hosts: 65.120.116.174 www.aimster.com
O1 - Hosts: 65.120.116.173 lite.aimster.com
O1 - Hosts: 65.120.116.172 mini.aimster.com
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {91124CF5-0DFA-42CF-9768-D68366447C60} - C:\WINDOWS\system32\moz030715s.dll
O2 - BHO: (no name) - {B27EB7A3-1CC8-4C9F-9C25-20D0AC9C5E80} - C:\WINDOWS\system32\wcsjopv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [WebCam Go Sti Service Application] wbcgosvc
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://chat-a1.freeserve.com/Java/cfs31235.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.browserplugin.com/eroticAccess/cabs/1768015.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37864.294525463
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://offers.contentwatch.com/audit/includes/ContentAuditControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EAB2E78-6D10-4E9F-BD70-5C29E76B474D}: NameServer = 212.158.192.2 212.158.192.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EAB2E78-6D10-4E9F-BD70-5C29E76B474D}: NameServer = 212.158.192.2 212.158.192.3
 
Joined
Oct 9, 2001
Messages
9,396
welcome to T.S.G:)

run hijackthis again and put a checkmark against these entries....
.....then,close all browser and outlook windows and "fix checked"

O1 - Hosts: 65.120.116.174 www.aimster.com
O1 - Hosts: 65.120.116.173 lite.aimster.com
O1 - Hosts: 65.120.116.172 mini.aimster.com
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: (no name) - {91124CF5-0DFA-42CF-9768-D68366447C60} - C:\WINDOWS\system32\moz030715s.dll
O2 - BHO: (no name) - {B27EB7A3-1CC8-4C9F-9C25-20D0AC9C5E80} - C:\WINDOWS\system32\wcsjopv.dll
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.browserplugin.com/erotic...abs/1768015.cab

re-boot after..and have a good birthday.
;)

1 more thing..........i dont see an antivirus program......you NEED one.
 

kirghis

Thread Starter
Joined
Aug 30, 2003
Messages
37
Thanks Steve..i'll do it right away...by the way I have a virus program ..it's called Ontrack ...Thanks again.
 
Joined
Dec 10, 2001
Messages
15
I was just looking at the ontrack site and saw no mention of them providing virus protection . I may have missed it but I dont think so .
Cheers:)
 

kirghis

Thread Starter
Joined
Aug 30, 2003
Messages
37
Hi, Actually it's called Fix-it utilites 4.0...and it has a virus protection .. is there a better virus protection? ...thanks
 
Joined
Oct 9, 2001
Messages
9,396
i must admit ive never heard of "fix-it" so i cant comment on how efficient it is............just keep it updated and you should be ok.

;)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top