« previous next »
Pages: [1]

Author Topic: HiJack This Log  (Read 346 times)

Offline Riku

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
HiJack This Log
« on: November 27, 2005, 12:14:28 AM »
Logfile of HijackThis v1.99.1
Scan saved at 11:06:09 PM, on 11/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\1132879692\ee\aolsoftware.exe
c:\program files\common files\aol\1132879692\ee\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrolEx.exe
C:\Documents and Settings\Nick\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Task Catcher] C:\Program Files\BillP Studios\Task Catcher\tasktrap.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Microsoft Security Pansasagers] sgpzxuism.exe
O4 - HKLM\..\RunServices: [Microsoft Security Pansasagers] sgpzxuism.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll

New to this site, but anyway...The problem here is the Microsoft Security Pansasagers.  I'm trying to remove it from startup and my registry b/c it's renaming itself every time I delete it in any way.  I found a file in my C:  one time that seemed to be doing downloads for it, but after deleting it, it renamed the 'Pansasagers' file and  I assume relocated itself to another point on my computer.  This file had some details that said "Dark Angel" something, I don't remember everything.  Anyway, my TeaTimer and WinPatrol or subsequently catching it trying to push the sgpzxuism.exe file onto my start-up programs.  Just mainly the problem is it's i this ODD place in my registry with a mispelled title "Systam drivers" and I don't know it's effects but even somewhat controlled (I have it disabled in WinPatrol) it's severely bugging me because WinPatrol keeps catching it doing updates every other minute.  Any ideas how to get rid of this?

Also, I thought it was weird that I had 3 svchost.exe's.
« Last Edit: November 27, 2005, 12:16:35 AM by Riku »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
HiJack This Log
« Reply #1 on: November 28, 2005, 12:44:41 AM »
Have you been fixing entries with Hijackthis already?

Can you also do the following
Download:  Registry Search Tool from this link
http://billsway.com/vbspage/

Unzip and double-click "RegSrch.vbs"
Note: if your Antivirus or another program prompts about running a ".vbs" file, allow the script to run

In the open field copy and paste the below in bold then hit OK

sgpzxuism.exe

Wait for the results and post them back here
also post the startuplist log you saved earlier
« Last Edit: November 28, 2005, 12:50:22 AM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »