Hijack this

isatippy · Mar 21, 2005

Can someone tell me if I should remove any of this.

Logfile of HijackThis v1.99.1
Scan saved at 7:45:40 AM, on 3/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Parent\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.charter.net/en_US_base/residential/?logout=1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.572.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McShield - Network Associates, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Thanks

RealBlackStuff · Mar 21, 2005

Go to this post here first, and follow the instructions EXACTLY, especially about UPDATING and HJT-location.
How to remove Begin2Search/Coolwebsearch and Other Nasties
Then see How to post your Hijackthis log-files.

Apart from some Search-infection, you must have other info, that log is not complete.
This one is not very healthy either: O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

isatippy · Mar 21, 2005

Sorry about that :dead: this is my the hole thing.

RealBlackStuff · Mar 22, 2005

C:\DOCUME~1\Parent\LOCALS~1\Temp\Temporary Directory 1 for hijackthissetup.zip\HijackThis.exe

realblackstuff said:
follow the instructions EXACTLY, especially about UPDATING and HJT-location.

Also, my Signature says the same!

isatippy · Mar 22, 2005

This is my log after running all the programs in safe mode.

isatippy · Mar 23, 2005

Is this list ok or should some be removed.

RealBlackStuff · Mar 24, 2005

You are still NOT using the latest HJT, which is V1.99.1
You went wild on log1! You 'fixed' too much as far as I am concerned, but it is YOUR PC, and you can do what you like!.
Anyway, based on log 032305:

Boot in Safe Mode, run HJT on its own and let it 'fix':
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.charter.net/en_US_base/residential/?logout=1

isatippy · Mar 24, 2005

Sorry about the lates version but it looks like it found something more look at this.O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll and what do you mean "run HJT on its own and let it 'fix'". :suspiciou

RealBlackStuff · Mar 25, 2005

what do you mean "run HJT on its own and let it 'fix'.

run HJT on its own: no other programs running at the same time
let it 'fix': place a tick-mark next to the indicated lines, and hit the 'Fix checked' button.

So do as advised in my previous post.

isatippy · Mar 25, 2005

Thats what I thought but the why you worded it it sounded different. :hotbounce

isatippy · Mar 25, 2005

this is the log after I removed them.

RealBlackStuff · Mar 26, 2005

Run HJT from normal mode and 'fix':
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)

Delete the bold directory if still there

As to this one,
020 - Winlogon Notify: igfxcul - C"\WINDOWS\SYSTEM32\igfxsrvc.dll

Intel said:
Thank you for contacting Intel(R) Technical Support.

This file is part of the Intel(R) integrated graphics controller; therefore, it is completely safe and
should create no issues. Furthermore, we do not recommend editing the registry to remove any file
that came with the driver.

Please do not hesitate to contact us again if you need further assistance.

Sincerely,

Otto JK.
Intel Technical Support

isatippy · Mar 28, 2005

Sorry I'am late in responding but was gone for several days but here is the log.

RealBlackStuff · Mar 28, 2005

Your PC got a clean bill of health

isatippy · Mar 28, 2005

Great and Thanks!! :knock:

Hijack this

isatippy

Posts: 307 +0

RealBlackStuff

Posts: 6,450 +3

isatippy

Posts: 307 +0

RealBlackStuff

Posts: 6,450 +3

isatippy

Posts: 307 +0

isatippy

Posts: 307 +0

RealBlackStuff

Posts: 6,450 +3

isatippy

Posts: 307 +0

RealBlackStuff

Posts: 6,450 +3

isatippy

Posts: 307 +0

isatippy

Posts: 307 +0

RealBlackStuff

Posts: 6,450 +3

isatippy

Posts: 307 +0

Attachments

RealBlackStuff

Posts: 6,450 +3

isatippy

Posts: 307 +0

Similar threads

Latest posts