#1
Bronze Member
Join Date: Jul 2006
Posts: 37
In desperation mode! Computer is on the fritz and I have a new job starting! Ahhhhhhhh
Thanks so much, here's the log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CB\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [win32hlp] C:\WINDOWS\system32\win32hlp.exe
O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Hgetkkt] C:\WINDOWS\system32\SSTEM3~1\TSKMGR~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#2
Diamond Member
Join Date: Sep 2005
Posts: 2,093
Quote:
Quote:
__________________
ASUS A8N SLi Deluxe Corsair 2GB DDR XMS3200XL Pro TwinX (4x512MB) AMD Athlon 64 X2 939 4600+ @ 2.6 Ghz ATi Radeon HD 3850 @ 680/844 80GB SATA HDD/200GB PATA HDD 1x DVDRW DL 485W PSU, Alpha watercooling
Last edited by ghost; 08-06-2006 at 12:25 AM.

#3
Bronze Member
Join Date: Jul 2006
Posts: 37
first - thanks for your help man!
ok so i deleted that first thing u mentioned but i can find no trace of winstall.exe anywhere
another curious problem - when i turn off my comp and restart it after it gets to the Windows XP black loading screen my computer automatically shuts down...i have to use it in safe mode to work
any other ideas?

#4
Diamond Member
Join Date: Sep 2005
Posts: 2,093
yeah try safe mode and do the hijack log again, try to find winstall.exe and delete. Then reboot.

#5
Bronze Member
Join Date: Jul 2006
Posts: 37
ok unless i go into safe mode my computer just keeps restarting every time it gets to the Windows XP black loading screen during start-up.
I found a winstall file in my C: and deleted it along with a bunch of other weird stuff...but still my comp seems to be crazy. Only safe mode works. There is also a red circle with an "X" in it at the bottom of my screen by the clock that says "Your Computer is infected!" Here is latest HJTL:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\updwebmin.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\svchost.exe
c:\yrroeef.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\ktkphal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CB\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [win32hlp] C:\WINDOWS\system32\win32hlp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [updwebmin] c:\windows\system32\updwebmin.exe
O4 - HKLM\..\Run: [SysTray] c:\Program Files\ktkphal.exe
O4 - HKLM\..\RunServices: [updwebmin] c:\windows\system32\updwebmin.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [updwebmin] c:\windows\system32\updwebmin.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
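
Comparing the two logs posted in this thread shows which autostart entries survived the manual clean-up and which are new. The script below is an added example, not part of the thread and not HijackThis's own code: it parses entry lines and diffs the autostart entries, and its entry-code regex, the choice of F2/O4/O23 as "autostart" codes, and all function names are assumptions of the example.

```python
import re

# A HijackThis entry line is "<code> - <details>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
AUTOSTART_CODES = {"F2", "O4", "O23"}  # assumption: shell override, Run keys, services

# Excerpts of the two logs in this thread (first post, then post #5).
BEFORE = r"""
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [win32hlp] C:\WINDOWS\system32\win32hlp.exe
O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmgn.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
"""
AFTER = r"""
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O4 - HKLM\..\Run: [win32hlp] C:\WINDOWS\system32\win32hlp.exe
O4 - HKLM\..\Run: [updwebmin] c:\windows\system32\updwebmin.exe
O4 - HKLM\..\Run: [SysTray] c:\Program Files\ktkphal.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
"""

def parse_entries(log_text):
    """Return a set of (code, details) tuples, one per entry line in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def autostart_diff(before, after):
    """Autostart entries that appeared / disappeared between two logs."""
    old = {e for e in parse_entries(before) if e[0] in AUTOSTART_CODES}
    new = {e for e in parse_entries(after) if e[0] in AUTOSTART_CODES}
    return sorted(new - old), sorted(old - new)

def shell_overrides(log_text):
    """F2 Shell= values that launch anything besides plain explorer.exe."""
    return [d for c, d in parse_entries(log_text)
            if c == "F2" and "Shell=" in d
            and d.split("Shell=", 1)[1].strip().lower() != "explorer.exe"]

if __name__ == "__main__":
    added, removed = autostart_diff(BEFORE, AFTER)
    for code, details in added:
        print("NEW    ", code, details)
    for code, details in removed:
        print("GONE   ", code, details)
    for details in shell_overrides(AFTER):
        print("SHELL  ", details)
```

An entry that appears in neither list, such as the `[Windows installer]` Run value here, is one that is still registered in both logs.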

#6
Platinum Member
Join Date: Jan 2006
Posts: 567
Please try this.
Reboot your computer. After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; instead of Windows loading as normal, a menu with options should appear; select 'Last known Good Config', then press "Enter".
If this allows you to get into normal windows, post a new HJT log.