Hijack.log - simple one.

Discussion in 'adware, spyware & hijack cleaning' started by t0rey, Apr 18, 2004.

Thread Status:
Not open for further replies.
  1. t0rey

    t0rey Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    4
    Location:
    North America
    I've been having a hijacking problem (mk:@MSITStore:C:\WINDOWS\start.chm::/start.html) - as, it seems, a lot of people have been lately.


    Logfile of HijackThis v1.97.7
    Scan saved at 10:53:19 PM, on 4/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Works\WkDetect.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    C:\Program Files\CallWave\IAM.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    C:\Documents and Settings\Dead Monkey\My Documents\exes\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=go.becker.edu:8080
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O17 - HKLM\System\CCS\Services\Tcpip\..\{320708B4-1AEA-4DB1-9B65-031FD0FBA833}: NameServer = 209.244.0.3 209.244.0.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{320708B4-1AEA-4DB1-9B65-031FD0FBA833}: NameServer = 209.244.0.3 209.244.0.4

    Only ones I'm not really sure about are the O17, O3, O4.

    Also not 100% sure what the C:\WINDOWS\System32\devldr32.exe is.
     
    Last edited: Apr 18, 2004
  2. t0rey

    t0rey Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    4
    Location:
    North America
    Never mind about the C:\WINDOWS\System32\devldr32.exe. It's to my SoundBlaster sound card.
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Looking at the log,

    either you have deleted a lot in the HJT program or set it to ignore.

    If it has been deleted, then please open HJT, press config/backups, restore everything and post a new log.

    If you have set them to ignore, then config/ignore, delete everything on the ignore tab and post a new log.

    If you have stopped things loading with msconfig, then enable everything with msconfig, then post a new log.

    We cannot help if we can't see the problem.
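
An added illustration, not part of the thread and not HijackThis code: this Python example groups the entry lines of the log from the first post by section code, which shows how few sections the log contains, and pulls out the proxy and DNS values that decide where traffic is sent. The function names and the descriptions in `SECTIONS` are this example's own.

```python
import re
from collections import defaultdict

# Meaning of the section codes that occur in the posted log (HijackThis conventions).
SECTIONS = {
    "R1": "Internet Explorer start/search page or related setting",
    "O3": "Internet Explorer toolbar",
    "O4": "program auto-started from the registry",
    "O17": "DNS setting under the Tcpip service key",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# "<key>,<name> = <data>" (R entries) or "<key>: <name> = <data>" (O17 entries)
SETTING = re.compile(r"^(?P<key>.+?)[,:]\s*(?P<name>[^,:=]+?)\s*=\s*(?P<data>.*)$")

# Entry lines copied from the log in the first post, plus one non-entry line.
SAMPLE = r"""
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=go.becker.edu:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O17 - HKLM\System\CCS\Services\Tcpip\..\{320708B4-1AEA-4DB1-9B65-031FD0FBA833}: NameServer = 209.244.0.3 209.244.0.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{320708B4-1AEA-4DB1-9B65-031FD0FBA833}: NameServer = 209.244.0.3 209.244.0.4
"""

def parse_log(text):
    """Group entry lines by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def network_settings(groups):
    """Return (code, name, data) for the proxy and DNS values in R1 and O17 entries."""
    found = []
    for code in ("R1", "O17"):
        for body in groups.get(code, []):
            m = SETTING.match(body)
            if m and m.group("name") in ("ProxyServer", "NameServer"):
                found.append((code, m.group("name"), m.group("data")))
    return found

if __name__ == "__main__":
    groups = parse_log(SAMPLE)
    for code, bodies in groups.items():
        print(code, len(bodies), SECTIONS.get(code, "not described here"))
    print(network_settings(groups))
```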
     