just weird and frustrating

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.
T

treyxanthean

Thread Starter
Joined
Mar 15, 2004
Messages
13
Hi All, i will post my hijack this log at the end of this post.. but before i do this i must tell you, that i have to keep doing a system restore every other time i get on and then get off the internet. if i restart my computer i am not able to log on to any websites at all!!!! i can however be connected to the net and say like download an ad-aware up date or run my newsbin pro or something like that... just weird and frustrating if you ask me... anyhow here is the logfile and just so you know i dont expect there will be anything shown but i will hope aganst hope.... thanks for looking and replying... Trey


Logfile of HijackThis v1.97.7
Scan saved at 2:49:50 AM, on 4/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\kxmixer.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://infowars.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://infowars.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://infowars.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://infowars.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://infowars.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://infowars.net/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\System32\kxmixer.exe --startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O8 - Extra context menu item: Allow Site's Pop-&ups - file://C:\Program Files\PopNot\trustsite.script
O8 - Extra context menu item: Always &Kill this Pop-up - file://C:\Program Files\PopNot\blocksite.script
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16797121-6837-44C7-A17D-D367E7F9B931}: NameServer = 64.63.216.6 64.63.219.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{16797121-6837-44C7-A17D-D367E7F9B931}: NameServer = 64.63.216.6 64.63.219.6
 
Flrman1

Flrman1

Joined
Jul 26, 2002
Messages
46,349
I don't see anything in your log. What exactly is happening that forces you to do these restores?
 
T

treyxanthean

Thread Starter
Joined
Mar 15, 2004
Messages
13
well flrman1,.."every other time i get on and then get off the internet. if i restart my computer i am not able to log on to any websites at all!!!!" now i did download Spy Sweeper and it found an alexia toolbar that all my others did not.. it seams to have fixed the problem however i still have from time to time extra reg entries in the form of these here (actual hijack this log excerpt from today, the rest is exactly the same...)

O17 - HKLM\System\CCS\Services\Tcpip\..\{16797121-6837-44C7-A17D-D367E7F9B931}: NameServer = 64.63.216.6 64.63.219.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{16797121-6837-44C7-A17D-D367E7F9B931}: NameServer = 64.63.216.6 64.63.219.6
i hope these are supposed to be there, cause they are not in every scan.. i have gotten rid of some in the past but i don't think they are harmfull.. perhaps you know better.... thanks for your time.... b.t.w. i have,Spybot,Ad-aware 6.0,cwshredder,Spy Cop and SpywareBlaster installed as well.....
 
Flrman1

Flrman1

Joined
Jul 26, 2002
Messages
46,349
The IP in those O17's resolve to:

Hawk Communications
Address: 3530 Ashford Dunwoody Rd
City: Atlanta
StateProv: GA
PostalCode: 30319
Country: US
Comment: Hawk Communications is the leading Dial Network in
Comment: the U.S.A.

They are legit.
 
T

treyxanthean

Thread Starter
Joined
Mar 15, 2004
Messages
13
Cool!! Thanks for the trace!!!!!!!!!! i hope this crud is over with now.... i'll sign off on that note since i think it was the alexia toolbar thing.. thanks for all your help in this matter!!!!!!!!! i will try to donate something soon if the Good Lord permitts..... See Ya,
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Total: 678 (members: 5, guests: 673)
Top