Can you please check this HijackThis log out

  sat481 21:14 02 Nov 05
Locked

C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\Ati2evxx.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\Ati2evxx.exe


C:\WINDOWS\Explorer.EXE


C:\WINDOWS\system32\spoolsv.exe


C:\WINDOWS\System32\Mousexp.exe


C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe


C:\Program Files\HP\hpcoretech\hpcmpmgr.exe


C:\Rage3DTweak\RegTwk.exe


C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe


C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe


C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


C:\WINDOWS\system32\ctfmon.exe


C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe


C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe


C:\WINDOWS\system32\drivers\dcfssvc.exe


C:\rage3dtweak\gameutil.exe


C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe




C:\WINDOWS\System32\svchost.exe


C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe


C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe


C:\Program Files\blueyonder IST\bin\mpbtn.exe


C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe


C:\WINDOWS\System32\HPZipm12.exe


C:\WINDOWS\system32\wuauclt.exe


C:\Program Files\Internet Explorer\iexplore.exe


C:\Program Files\Messenger\msmsgs.exe


C:\Program Files\HP\hpcoretech\comp\hpdarc.exe


C:\Program Files\MSN Toolbar Suite\SL\02.05.0001.1119\en-gb\msn_sl.exe


C:\Documents and Settings\John\My Documents\My Received Files\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = click here


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = click here


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here


R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = click here


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;localhost; local>


O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat


5.0\Reader\ActiveX\AcroIEHelper.ocx


O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar

Suite\TB\02.05.0000.1082\en-gb\msntb.dll


O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar

Suite\TB\02.05.0000.1082\en-gb\msntb.dll


O4 - HKLM\..\Run: [MOUSE] C:\WINDOWS\System32\Mousexp.exe


O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe


O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe


O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"


O4 - HKLM\..\Run: [RegTweak] C:\Rage3DTweak\RegTwk.exe


O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP


O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe


O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe


O4 - Startup: PowerReg Scheduler V3.exe


O4 - Startup: Xfire.lnk = E:\Xfire\Xfire.exe


O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe


O4 - Global Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = D:\creatacard\fmrmd32.exe


O4 - Global Startup: gameutil.exe.lnk = ?


O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe


O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe


O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

  sat481 21:15 02 Nov 05

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar

Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe


O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar

Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm


O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar

Suite\TAB\02.05.0000.1110\en-gb\msntabres.dll/229?dd16bbd9fd3847188a877521e6bf431a


O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar

Suite\TAB\02.05.0000.1110\en-gb\msntabres.dll/230?dd16bbd9fd3847188a877521e6bf431a


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe


O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing


O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll


O14 - IERESET.INF: START_PAGE_URL=click here


O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - click here


O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
click here


O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
click here


O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe


O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe


O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe


O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe


O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe


O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

  stalion 21:18 02 Nov 05

sorry but you have to post these on the malaware forum now click here

  sat481 21:23 02 Nov 05

Thanks will do

Been a while since I been here and its all new

Sat

  woodchip 21:30 02 Nov 05

This does not need to run at startup Remove tick in MSCONFIG from Run box

Remove

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - click here

  woodchip 21:33 02 Nov 05

Remove tick for this Xfire.exe in MSCONFIG

  sat481 09:50 03 Nov 05

Thanks Woodchip..

Sat

This thread is now locked and can not be replied to.

How to get Windows 10 for free | How to install Windows 10: There is still a way to avoid paying…

1995-2015: How technology has changed the world in 20 years

Alex Chinneck’s giant ice cube Christmas tree at Kings Cross

Apple rumours & predictions 2017: The iPhone 8, new iPads, and everything else you should expect fr7…