Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HijackThis-log


  • Please log in to reply

#1
Roulette

Roulette

    Member

  • Member
  • PipPip
  • 38 posts
I got ''http://www.iwantsearch.com'' and some search-bar loaded with ads bugging me everytime i open the browser.

Plus I CAN'T create new folders, files etc. onto desktop or into folders.
  • 0

Advertisements


#2
Roulette

Roulette

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Srry, the log:

Logfile of HijackThis v1.97.7
Scan saved at 20:43:11, on 11.10.2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\OHJELMATIEDOSTOT\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\OHJELMATIEDOSTOT\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\OHJELMATIEDOSTOT\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\LOADQM.EXE
C:\OHJELMATIEDOSTOT\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\OHJELMATIEDOSTOT\CLEANMYPC\REGISTRY CLEANER\RCSCHEDULER.EXE
C:\OHJELMATIEDOSTOT\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\OHJELMATIEDOSTOT\GETRIGHT\GETRIGHT.EXE
C:\OHJELMATIEDOSTOT\MSWORKS\CALENDAR\WKCALREM.EXE
C:\OHJELMATIEDOSTOT\INTERVIDEO\COMMON\BIN\WINCINEMAMGR.EXE
C:\OHJELMATIEDOSTOT\OLYMPUS\CAMEDIA MASTER 4.2\CM_CAMERA.EXE
C:\OHJELMATIEDOSTOT\GETRIGHT\GETRIGHT.EXE
C:\OHJELMATIEDOSTOT\OPENOFFICE.ORG1.0\PROGRAM\SOFFICE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\OHJELMATIEDOSTOT\PPO\BAANA 1.5C.SP1\APP\ENTERNET.EXE
C:\OHJELMATIEDOSTOT\INTERNET EXPLORER\IEXPLORE.EXE
C:\OMAT TIEDOSTOT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\OHJELMATIEDOSTOT\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\ohjelmatiedostot\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\OHJELM~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\ohjelmatiedostot\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe C:\WINDOWS\TeleWell\CnxTrApp.dll,AppEntryA -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [AudioHQ] C:\Ohjelmatiedostot\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG_CC] C:\OHJELMATIEDOSTOT\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Ohjelmatiedostot\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SmcService] C:\OHJELM~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\OHJELM~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [SmcService] C:\OHJELMATIEDOSTOT\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [Steam] C:\Ohjelmatiedostot\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Ohjelmatiedostot\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\OHJELMATIEDOSTOT\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: GetRight - Tray Icon.lnk = C:\Ohjelmatiedostot\GetRight\getright.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Microsoft Works Calendarin Muistutukset.lnk = C:\Ohjelmatiedostot\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Ohjelmatiedostot\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Startup: OpenOffice.org 1.0.lnk = C:\Ohjelmatiedostot\OpenOffice.org1.0\program\quickstart.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Ohjelmatiedostot\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
O8 - Extra context menu item: Download with GetRight - C:\Ohjelmatiedostot\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Ohjelmatiedostot\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Google Search - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O12 - Plugin for .spop: C:\OHJELM~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8135.1319560185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.co...ltInstaller.ocx
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://gw.tallinnlv....sCamControl.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://63.102.226.24...va/cfs40320.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553546800} - http://download.macr...ash/swflash.cab
  • 0

#3
Roulette

Roulette

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
There's also some pop-ups to deal with when opening the browser
  • 0

#4
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Hi Roulette. Welcome to Geeks to Go. <_<


Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/


Download Ad-aware from: http://www.geekstogo...n=download&id=5

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

-> Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
  • Automatically save log-file
  • Automatically quarantine objects prior to removal
  • Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select :
  • Scan Within Archives
  • Scan Active Processes
  • Scan Registry
  • Deep Scan Registry
  • Scan my IE favorites for banned URL’s
  • Scan my Hosts file
  • Under Click here to select drives + folders, choose:
  • All of your hard drives
-> Click on the Advanced button on the left and select:
  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details
-> Click the Tweak button and select:
  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile
  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot
-> Click on Proceed to save the settings.

-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
  • Use Custom Scanning Options
-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

-> Save the log file when it asks and then click Finish

-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

-> Reboot your computer.


I need you to click on the HiJack This Log download in my signature to get the latest version of Hijack This and post a new log.
  • 0

#5
Roulette

Roulette

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Roger that, this takes some time
  • 0

#6
Roulette

Roulette

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Couldn't download the lates version of HijackThis via ur signature, already contacted the webmaster...what is the lates version of Hijack and is there any other link from where I could get it also ?
  • 0

#7
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
1.98.2 Let me see if I can find you another link. Did you do the other things? I'll start looking at your log.
  • 0

#8
Roulette

Roulette

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Yes I did, exactly as u said, they found nothing. I just need the new version of Hijack

I'll just wait ur answer, thanx
  • 0

#9
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
http://www.spywarein.../downloads.html
  • 0

#10
Roulette

Roulette

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
What does that help
  • 0

Advertisements


#11
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Having an updated version of HiJack This gives you the latest version in indentifying the most recently developed hijackers, etc. Downloading an old version of Hijack This is akin to downloading old definitions for your anti-virus programs.
  • 0

#12
Roulette

Roulette

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Sry, I didn't quite understand, what do I have to download from http://www.spywarein.../downloads.html ?
  • 0

#13
Roulette

Roulette

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Oh u meant I have to download HijackThis 1.98.2
from there ? When I tried to download that version via some other page, it was the same older version what I'm using right now, hope this really is 1.98.2 !
  • 0

#14
Roulette

Roulette

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
This should do it ?

Logfile of HijackThis v1.98.2
Scan saved at 14:53:05, on 12.10.2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\OHJELMATIEDOSTOT\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\OHJELMATIEDOSTOT\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\OHJELMATIEDOSTOT\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\LOADQM.EXE
C:\OHJELMATIEDOSTOT\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\OHJELMATIEDOSTOT\THE CLEANER\TCA.EXE
C:\OHJELMATIEDOSTOT\THE CLEANER\TCM.EXE
C:\OHJELMATIEDOSTOT\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\OHJELMATIEDOSTOT\GETRIGHT\GETRIGHT.EXE
C:\OHJELMATIEDOSTOT\GETRIGHT\GETRIGHT.EXE
C:\OHJELMATIEDOSTOT\MSWORKS\CALENDAR\WKCALREM.EXE
C:\OHJELMATIEDOSTOT\INTERVIDEO\COMMON\BIN\WINCINEMAMGR.EXE
C:\OHJELMATIEDOSTOT\OPENOFFICE.ORG1.0\PROGRAM\SOFFICE.EXE
C:\OHJELMATIEDOSTOT\OLYMPUS\CAMEDIA MASTER 4.2\CM_CAMERA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\OHJELMATIEDOSTOT\PPO\BAANA 1.5C.SP1\APP\ENTERNET.EXE
C:\OHJELMATIEDOSTOT\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\OHJELMATIEDOSTOT\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TYöPöYTä\HIJACKTHIS19802.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\OHJELMATIEDOSTOT\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\ohjelmatiedostot\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\OHJELM~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\ohjelmatiedostot\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe C:\WINDOWS\TeleWell\CnxTrApp.dll,AppEntryA -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [AudioHQ] C:\Ohjelmatiedostot\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG_CC] C:\OHJELMATIEDOSTOT\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Ohjelmatiedostot\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SmcService] C:\OHJELM~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [tcactive] C:\OHJELMATIEDOSTOT\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\OHJELMATIEDOSTOT\THE CLEANER\tcm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\OHJELM~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [SmcService] C:\OHJELMATIEDOSTOT\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\OHJELMATIEDOSTOT\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: GetRight - Tray Icon.lnk = C:\Ohjelmatiedostot\GetRight\getright.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Microsoft Works Calendarin Muistutukset.lnk = C:\Ohjelmatiedostot\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Ohjelmatiedostot\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Startup: OpenOffice.org 1.0.lnk = C:\Ohjelmatiedostot\OpenOffice.org1.0\program\quickstart.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Ohjelmatiedostot\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
O8 - Extra context menu item: Download with GetRight - C:\Ohjelmatiedostot\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Ohjelmatiedostot\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Google Search - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O12 - Plugin for .spop: C:\OHJELM~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.co...ltInstaller.ocx
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://gw.tallinnlv....sCamControl.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://63.102.226.24...va/cfs40320.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

#15
admin

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.co...ltInstaller.ocx

Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNDLG32.DLL

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. <_<
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP