my hijack this log

Discussion in 'adware, spyware & hijack cleaning' started by Stressy, Mar 15, 2004.

Thread Status:
Not open for further replies.
  1. Stressy

    Stressy Registered Member

    Joined:
    Mar 14, 2004
    Posts:
    15
    hi all, this is my very 1st post.. just wondering is my system free from all those crappy spywares..

    Logfile of HijackThis v1.97.7
    Scan saved at 12:46:25 PM, on 3/15/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\SYSTEM32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
    F:\Program Files\Messenger Plus! 2\MsgPlus.exe
    F:\WINDOWS\System32\CTsvcCDA.exe
    F:\Program Files\Executive Software\Diskeeper\DkService.exe
    F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    F:\Program Files\Eset\nod32krn.exe
    F:\WINDOWS\System32\nvsvc32.exe
    F:\WINDOWS\System32\PGPsdkServ.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\WinPoET Broadband Connection\WrOS.EXE
    F:\WINDOWS\System32\MsPMSPSv.exe
    F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    F:\Program Files\ESET\nod32kui.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    F:\Documents and Settings\Terrence Chia\Desktop\security\HijackThis.exe

    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [a-winpoet-service] "F:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
    O4 - HKLM\..\Run: [MessengerPlus2] "F:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38029.8524537037
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{652E6D9E-BFA2-46A7-8AC4-529A8945EBF9}: NameServer = 165.21.100.88 165.21.83.88
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Stressy,

    Welcome at Wilders. :)

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O4 - Startup: PowerReg Scheduler.exe

    Then reboot.

    No spyware, just a "nag" screen.

    Regards,

    Pieter
     
  3. Stressy

    Stressy Registered Member

    Joined:
    Mar 14, 2004
    Posts:
    15
    thks man :)
     
Thread Status:
Not open for further replies.