Jump to content


Photo

please help me with this hijack this log


  • Please log in to reply
1 reply to this topic

#1 kripau2000

kripau2000

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 19 July 2004 - 11:03 PM

please help me with this hijack this log

Logfile of HijackThis v1.98.0
Scan saved at 12:02:40 PM, on 7/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\iemu32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\sxvhost.exe
C:\WINDOWS\system32\atlnm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uxhuf.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://uxhuf.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://uxhuf.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\uxhuf.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uxhuf.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://uxhuf.dll/index.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C710E428-2D83-FC41-D629-5B6F55DC1BD2} - C:\WINDOWS\sdkzm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [apizd32.exe] C:\WINDOWS\system32\apizd32.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe
O4 - HKLM\..\Run: [atlnm.exe] C:\WINDOWS\system32\atlnm.exe
O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe
O4 - HKLM\..\RunOnce: [mfcye32.exe] C:\WINDOWS\mfcye32.exe
O4 - HKLM\..\RunOnce: [sdkzn.exe] C:\WINDOWS\sdkzn.exe
O4 - HKLM\..\RunOnce: [netre.exe] C:\WINDOWS\netre.exe
O4 - HKLM\..\RunOnce: [winal32.exe] C:\WINDOWS\winal32.exe
O4 - HKLM\..\RunOnce: [iesb.exe] C:\WINDOWS\iesb.exe
O4 - HKLM\..\RunOnce: [iemu32.exe] C:\WINDOWS\system32\iemu32.exe
O4 - HKLM\..\RunOnce: [appsk.exe] C:\WINDOWS\appsk.exe
O4 - HKLM\..\RunOnce: [mskm32.exe] C:\WINDOWS\mskm32.exe
O4 - HKLM\..\RunOnce: [ipev.exe] C:\WINDOWS\system32\ipev.exe
O4 - HKLM\..\RunOnce: [iexp.exe] C:\WINDOWS\iexp.exe
O4 - HKLM\..\RunOnce: [ipnw.exe] C:\WINDOWS\system32\ipnw.exe
O4 - HKLM\..\RunOnce: [apibr.exe] C:\WINDOWS\apibr.exe
O4 - HKLM\..\RunOnce: [ntqn.exe] C:\WINDOWS\ntqn.exe
O4 - HKLM\..\RunOnce: [iefg.exe] C:\WINDOWS\system32\iefg.exe
O4 - HKLM\..\RunOnce: [ntvf.exe] C:\WINDOWS\ntvf.exe
O4 - HKLM\..\RunOnce: [appzu.exe] C:\WINDOWS\system32\appzu.exe
O4 - HKLM\..\RunOnce: [sysdq32.exe] C:\WINDOWS\sysdq32.exe
O4 - HKLM\..\RunOnce: [iprb.exe] C:\WINDOWS\iprb.exe
O4 - HKLM\..\RunOnce: [ipkw.exe] C:\WINDOWS\system32\ipkw.exe
O4 - HKLM\..\RunOnce: [mseo32.exe] C:\WINDOWS\mseo32.exe
O4 - HKLM\..\RunOnce: [apigo.exe] C:\WINDOWS\apigo.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{83C37521-2258-4E52-94D5-1CBED124D094}: NameServer = 202.78.97.2 202.78.97.41

#2 pomp

pomp

    Forum Deity

  • Helper
  • PipPipPipPipPip
  • 1,163 posts

Posted 19 July 2004 - 11:07 PM

hey

Could you go here http://www.downloads...AboutBuster.zip download that and unzip to your desktop. Then restart your computer into safe mode.

Run about:buster twice and saving the log to each scan.

Boot back into normal mode and post both logs from A:b and a new hijackthis log. Thanks.




PLEASE DON'T PM ME OR EMAIL ME WITH HELP ON LOGS :). POST IN THE FORUM INSTEAD




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button