hijack log

Discussion in 'adware, spyware & hijack cleaning' started by mrpaul, Jan 11, 2004.

Thread Status:
Not open for further replies.
  1. mrpaul

    mrpaul Guest

    Hi,
    I did an Ad-Aware scan before posting this:

    Logfile of HijackThis v1.97.7
    Scan saved at 17:45:27, on 11/01/2004
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\scvhost.exe
    C:\WINNT\System32\CTsvcCDA.EXE
    C:\WINNT\System32\svchost.exe
    C:\Norman\NVC\BIN\Zanda.exe
    C:\WINNT\explorer.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN\nipsvc.exe
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\WINNT\System32\devldr32.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\Program Files\PestPatrol\PPControl.exe
    C:\downloaded programes\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
    O1 - Hosts: 203.161.127.141 www.dcsresearch.com
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
    O4 - HKLM\..\Run: [MSConfig] C:\downloaded programes\MSCONFIG.EXE /auto
    O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
    O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37989.5695949074
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4311/mcfscan.cab
     
  2. subratam

    subratam Registered Member

    Joined: Nov 14, 2003
    Posts: 1,310
    Location: Issaquah, WA
    Hello mrpaul, :)
    And do wait for some experts to take care of your problems...
    There is a C:\WINNT\System32\scvhost.exe in your log, with some more like that in
    O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
    O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe... when it should be svchost.exe
    [scvhost - scvhost.exe - Process Information

    Process File: scvhost or scvhost.exe
    Process Name: Scvhost
    Description: Added to the System as a result of the W32/Agobot-S VIRUS! which is an IRC backdoor Trojan and network worm. W32/Agobot-S copies itself to network shares with weak passwords and attempts to spread to computers using the DCOM RPC and the RPC locator vulnerabilities.
    Company: N/A
    System Process: No
    Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): Yes
    Common Errors: N/A]

    Experts here will throw more light on the matter.
    thx
     
  3. Unzy

    Unzy Registered Member

    Joined: Nov 2, 2003
    Posts: 1,098
    Location: Belgium
    Hi mrpaul,

    Fix the following with HijackThis:

    O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
    O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe

    Restart the PC after doing so and remove:

    scvhost.exe <- this file from your PC (make sure it's svchost.exe and not svchost.ee! That one is legit.)

    It's also always a good idea to do a checkup online scan:

    Bitdefender

    and / or here:

    TrendMicro

    Hope this helps,

    Cheers,
     
  4. mrpaul

    mrpaul Guest

    Hi,
    I did this but I'm still having the same problems :(

    I also did the online scan but the PC didn't like it & guess what...........it crashed!

    I'm not having much luck :doubt:
     