HiJackthis log

[bulbasuar]

Logfile of HijackThis v1.99.1
Scan saved at 7:23:04 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Motherboard Monitor 5\MBM5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\kevin\LOCALS~1\Temp\Rar$EX00.578\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



Anyone see any problems in here? I know some things are unnessasry link MBM5, but I like to know my current temps, and RamIdle i just have to see what use's the most MBS.
Does Diskeeper work? Thanks

 

[Schadenfroh]

MessengerPlus3 can be bad
http://inetexplorer.mvps.org/answers/43.html

other than that, looks clean

 

[bulbasuar]

I dont see anything like "reports information" or any privacy concerns on that messenger plus dealy, I dont see any addition to my favourites, but I havent used IE since my last format/freshOS a couple months ago, as for new toolbars and desktops icons, I dont have any of that stuff. I didnt notice any running problems with that addon and FireFox.

 

[birdpup]

This log interpreter http://www.hijackthis.de/index.php does not like the following line.
Nasty: R3 - Default URLSearchHook is missing - This entry should be fixed.

 

[bulbasuar]

i dont know what that means :S

 

[birdpup]

Originally posted by: bulbasuar
i dont know what that means :S

Me neither.
I have not used Hijack This and just enjoy reading the output to see if I can spot anything interesting on my own. I then run it through the website analyzer to see if it finds anything I missed.

I would think you need to perform a virus scan and spyware scan in Safe Mode, then rerun Hijack This to see if that line is still in your system.

Follow FlyingPenguin's steps for spyware removal. If you have difficulty following these steps, a less complete solution can be to install Microsoft's Anti-Spyware program, reboot, and scan the system for spyware with MS Anti-Spyware in Safe Mode. Safe Mode is accessed by selecting the F8 key during the bios POST operation.

http://TheFlyingPenguin.com/spyware-removal.shtml.