Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Heres My Log, Please Help Me.


  • This topic is locked This topic is locked
2 replies to this topic

#1 barklynt

barklynt

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 19 June 2006 - 08:34 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:23:38 PM, on 19-Jun-06
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\msndn.exe
C:\WINDOWS\update\updmgr.exe
C:\WINDOWS\update\updmangr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
G:\Library\applications\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcyxur.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Internel Corporat] smbvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Internel Corporat] smbvhost.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: .protected
O4 - Global Startup: .protected
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D080554-9461-4862-85D6-EA9173D53D9E}: NameServer = 203.49.70.20 139.134.2.190
O20 - Winlogon Notify: ddcyxur - C:\WINDOWS\SYSTEM32\ddcyxur.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\System32\cisvc.exe (file missing)
O23 - Service: Microsoft Networks DN (msndn) - Unknown owner - C:\WINDOWS\msndn.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe

BC AdBot (Login to Remove)

 


m

#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:04 PM

Posted 19 June 2006 - 08:42 AM

Welcome.. :thumbsup: There's a lot of stuff there..

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection.
Click here: http://www.microsoft.com/downloads/details...&DisplayLang=en

Do NOT install Service Pack 2 yet!!

Reboot and post back with a fresh HijackThis log. :flowers:

Edited by Rawe, 19 June 2006 - 08:50 AM.

Hi there, stranger!

#3 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:04 PM

Posted 23 June 2006 - 06:15 AM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this Topic reopened, please PM a Staff member with the address of this thread.
Hi there, stranger!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users