TechSpot

Hijack this

By isatippy
Mar 21, 2005
  1. Can someone tell me if I should remove any of this?

    Logfile of HijackThis v1.99.1
    Scan saved at 7:45:40 AM, on 3/21/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Parent\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.charter.net/en_US_base/residential/?logout=1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.572.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: McShield - Network Associates, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    Thanks
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  3. isatippy

    isatippy TS Rookie Topic Starter Posts: 497

    Sorry about that :dead: this is the whole thing.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    C:\DOCUME~1\Parent\LOCALS~1\Temp\Temporary Directory 1 for hijackthissetup.zip\HijackThis.exe

    Also, my Signature says the same!
     
  5. isatippy

    isatippy TS Rookie Topic Starter Posts: 497

    This is my log after running all the programs in safe mode.
     
  6. isatippy

    isatippy TS Rookie Topic Starter Posts: 497

    Is this list OK, or should some be removed?
     
  7. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    You are still NOT using the latest HJT, which is V1.99.1
    You went wild on log1! You 'fixed' too much as far as I am concerned, but it is YOUR PC, and you can do what you like!
    Anyway, based on log 032305:

    Boot in Safe Mode, run HJT on its own and let it 'fix':
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.charter.net/en_US_base/residential/?logout=1
     
  8. isatippy

    isatippy TS Rookie Topic Starter Posts: 497

    Sorry about the latest version, but it looks like it found something more. Look at this: O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll. And what do you mean "run HJT on its own and let it 'fix'"? :suspiciou
     
  9. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    what do you mean "run HJT on its own and let it 'fix'".

    run HJT on its own: no other programs running at the same time
    let it 'fix': place a tick-mark next to the indicated lines, and hit the 'Fix checked' button.

    So do as advised in my previous post.
     
  10. isatippy

    isatippy TS Rookie Topic Starter Posts: 497

    That's what I thought, but the way you worded it, it sounded different. :hotbounce
     
  11. isatippy

    isatippy TS Rookie Topic Starter Posts: 497

    This is the log after I removed them.
     
  12. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Run HJT from normal mode and 'fix':
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)

    Delete the bold directory if still there

    As to this one,
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
     
  13. isatippy

    isatippy TS Rookie Topic Starter Posts: 497

    Sorry I'm late in responding, but I was gone for several days. Here is the log.
     


  14. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Your PC got a clean bill of health
     
  15. isatippy

    isatippy TS Rookie Topic Starter Posts: 497

    Great and Thanks!! :knock:
     
Topic Status:
Not open for further replies.
