I've been having problems accessing certain sites as of late (google.com, yahoo.com, etc.). Here's a copy of my log. Please help :)

Logfile of HijackThis v1.99.0

Scan saved at 7:55:01 AM, on 1/23/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\runservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\system32\n?tepad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [Wdmgdh] C:\WINDOWS\system32\n?tepad.exe

O4 - Startup: PowerReg Scheduler V3.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/expressview...ViewerSetup.cab

O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6AC2BA55-D8AC-4252-A5BC-F11315878507}: NameServer = 209.47.15.118,64.157.143.38,68.46.144.5,68.46.144.6

O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: LicCtrl Service - Unknown - C:\WINDOWS\runservice.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

Hi cheszekiah,

Sorry for the delay. I will be assisting you with your HijackThis log.

Open HijackThis, click the "Scan" button, and check the following files:

R3 - Default URLSearchHook is missing

O4 - HKCU\..\Run: [Wdmgdh] C:\WINDOWS\system32\n?tepad.exe

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

Here are some optional fixes in HijackThis:

O4 - Startup: PowerReg Scheduler V3.exe

This is a registration reminder from Leadertech, and is considered spyware by many experts.

Close ALL windows except HijackThis, and click "Fix Checked".

Reboot. Then click Start --> Find. Find the following file:

n?tepad.exe

For all of those files that you find, right-click on the applications (.exe) and select properties.

In the properties look at the file types. Record your findings.

Finally, post a new log, WITH your findings of the properties.

dk :)
