Hijack.log - simple one.

Discussion in 'adware, spyware & hijack cleaning' started by t0rey, Apr 18, 2004.

Thread Status:
Not open for further replies.
  1. t0rey

    t0rey Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    4
    Location:
    North America
    I've been having a hijacking problem (mk:@MSITStore:C:\WINDOWS\start.chm::/start.html) - as so it seems a lot of people have been lately.


    Logfile of HijackThis v1.97.7
    Scan saved at 10:53:19 PM, on 4/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Works\WkDetect.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    C:\Program Files\CallWave\IAM.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    C:\Documents and Settings\Dead Monkey\My Documents\exes\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=go.becker.edu:8080
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O17 - HKLM\System\CCS\Services\Tcpip\..\{320708B4-1AEA-4DB1-9B65-031FD0FBA833}: NameServer = 209.244.0.3 209.244.0.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{320708B4-1AEA-4DB1-9B65-031FD0FBA833}: NameServer = 209.244.0.3 209.244.0.4

    Only ones I'm not really sure about are the O17, O3, O4.

    Also not 100% sure what the C:\WINDOWS\System32\devldr32.exe is.
     
    Last edited: Apr 18, 2004
  2. t0rey

    t0rey Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    4
    Location:
    North America
    Never mind about the C:\WINDOWS\System32\devldr32.exe. It's to my SoundBlaster sound card.
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    looking at the log

    either you have deleted a lot on the hjt program or set it to ignore

    if it has been deleted then please open hjt press config/backups restore everything and post a new log

    if you have set them to ignore then config/ignore delete everything on the ignore tab and post a new log

    if you have stopped things loading with msconfig then enable everything with msconfig then post a new log

    we cannot help if we can't see the problem
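
The check behind the reply above, written out as an added example (not part of the original thread and not HijackThis code): parse a log into running processes and coded entries, then test whether the reported symptom appears anywhere in it. The function names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample shaped like the log in the first post (shortened).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{320708B4-1AEA-4DB1-9B65-031FD0FBA833}: NameServer = 209.244.0.3 209.244.0.4
"""

# Entry lines have the shape "<code> - <detail>", e.g. "R1 - ..." or "O17 - ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_log(text):
    """Return (processes, entries); entries are (code, detail) tuples."""
    processes, entries, in_processes = [], [], False
    for line in text.splitlines():
        stripped = line.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif stripped.lower() == "running processes:":
            in_processes = True
        elif in_processes and stripped:
            processes.append(stripped)
    return processes, entries

def entries_by_code(entries):
    """Group entry details under their section code (R1, O3, O4, O17, ...)."""
    grouped = {}
    for code, detail in entries:
        grouped.setdefault(code, []).append(detail)
    return grouped

def symptom_visible(text, symptom):
    """True if the symptom string occurs in any running process or entry."""
    processes, entries = parse_log(text)
    needle = symptom.lower()
    haystack = processes + [detail for _, detail in entries]
    return any(needle in item.lower() for item in haystack)
```

Calling `symptom_visible(SAMPLE_LOG, "start.chm")` returns `False`: the page the browser is being sent to is not referenced by any entry, which is why a log with nothing ignored or disabled is requested before any diagnosis.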
     