Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible hijack


  • Please log in to reply

#1
Diane86

Diane86

    Member

  • Member
  • PipPip
  • 78 posts
Hello,
My problem is that I cannot stay on the net for more than 5 mins, everytime i log on. I think i have a browser Hijack. Can someone please look at my log and tell me if it's true and whatever way you can help me thanks

Logfile of HijackThis v1.99.1
Scan saved at 2:58:15 PM, on 6/28/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXEC:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carlos.CARLOS-KDQ2JRAT\Local Settings\Temp\Temporary Directory 2 for ivtwin_18_1b.zip\HijackThis.exe

O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\btjwrdff.dll",realsetO4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1183067344747
O17 -
HKLM\System\CCS\Services\Tcpip\..\{FCAC4446-B4D9-42DF-9F61-BC1C3C774214}: NameServer = 85.255.115.76 85.255.112.149
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\Carlos.CARLOS-KDQ2JRAT\ie_updater1.exe (file missing)

Thank you i will appreciate any assitance

Crystal
  • 0

Advertisements


#2
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
Diane86

Diane86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:13:25 PM, on 7/1/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carlos.CARLOS-KDQ2JRAT\Local Settings\Temp\Temporary Directory 1 for ivtwin_18_1b.zip\HijackThis.exe
O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exeO4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\nfvgfhuv.dll",realset
O4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCAC4446-B4D9-42DF-9F61-BC1C3C774214}: NameServer = 85.255.115.76 85.255.112.149
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\Carlos.CARLOS-KDQ2JRAT\ie_updater1.exe (file missing)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP