Can somebody please analyze my HijackThis log?

Discussion in 'OT Technology' started by x deaD piXeL, Oct 2, 2007.

  1. x deaD piXeL

    x deaD piXeL Turn up the fucking music!

    I've been getting spyware that neither Spybot nor Ad-Aware can remove. Can somebody check this out and see if it's in here?

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 2:35:17 PM, on 10/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\ISM2\ISMPack6.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Michael\Desktop\HiJackThis_v2.exe
    C:\DOCUME~1\Michael\LOCALS~1\Temp\Blizzard Installer Bootstrap - 001018aa\Installer.exe

    O2 - BHO: (no name) - {50ca6f82-31f8-45f5-b505-830ca161b7dd} - C:\WINDOWS\system32\ahujntq.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {575FC5D2-78B4-487C-99A4-3F6BF415C8C9} - C:\WINDOWS\system32\ddcca.dll
    O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\fccyywv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.4\webbuying.exe
    O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: fccyywv - C:\WINDOWS\SYSTEM32\fccyywv.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\proly.html

    --
    End of file - 3305 bytes
     
  2. FuzzyBunny

    FuzzyBunny I Doubt It

    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.4\webbuying.exe

    Check those out aka google em
     
  3. x deaD piXeL

    x deaD piXeL Turn up the fucking music!

    Webbuying I'll delete that, but UltraMon is for added dual-monitor support

    Thanks!
     
  4. Emfuser

    Emfuser Nuclear Moderator Super Moderator

    moved to C&P
     
  5. cmsurfer

    cmsurfer ºllllllº

  6. Doc Brown

    Doc Brown Don't make me make you my hobby

    You've also got 4 BHOs in there (browser helper objects).

    The only one I would keep is the Spybot S&D one.
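
The triage the replies do by eye, as an added example that is not part of any post in this thread: a small Python parser for the `O` lines of a HijackThis log that lists BHOs registered with no name and files that are registered in more than one autostart section. The sample lines are copied from the log in the first post; the two heuristics and the function names are assumptions of this example, and a hit is a lead for inspection, not a verdict.

```python
import re
from collections import defaultdict

# Subset of the "O" lines from the log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {50ca6f82-31f8-45f5-b505-830ca161b7dd} - C:\WINDOWS\system32\ahujntq.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {575FC5D2-78B4-487C-99A4-3F6BF415C8C9} - C:\WINDOWS\system32\ddcca.dll
O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\fccyywv.dll
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.4\webbuying.exe
O20 - Winlogon Notify: fccyywv - C:\WINDOWS\SYSTEM32\fccyywv.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^\s*(O\d+) - (.*)$")
# Drive-letter path up to the first .dll/.exe extension.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)

def parse(log):
    """Return a list of (section, detail, lowercased path or None)."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        section, detail = m.groups()
        p = PATH.search(detail)
        entries.append((section, detail, p.group(0).lower() if p else None))
    return entries

def triage(entries):
    """Return {path: [reasons]} for files worth a closer look."""
    sections = defaultdict(set)
    for section, _, path in entries:
        if path:
            sections[path].add(section)
    findings = defaultdict(list)
    for section, detail, path in entries:
        if section == "O2" and detail.startswith("BHO: (no name)") and path:
            findings[path].append("unnamed BHO")
    for path, secs in sections.items():
        if len(secs) > 1:  # Windows paths compare case-insensitively
            findings[path].append("registered in " + ", ".join(sorted(secs)))
    return dict(findings)

if __name__ == "__main__":
    for path, reasons in triage(parse(SAMPLE_LOG)).items():
        print(path, "->", "; ".join(reasons))
```
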
     
