Author Topic: Hijack Log - please help  (Read 1746 times)
picada
« on: November 19, 2004, 01:12:31 PM »



PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Win XP SP1
Problem Application Name & Version: Panda Antivirus (?)
Problem Hardware Make & Model: Toshiba Satellite 2140 CDS
Error Messages: <none>

The main prob here is that frequently my computer becomes slower and stalls. My task manager shows avengine absorbing all the resources and the processor usage is around 100% at those particular times.
I also realized I have a process called winxpdll32.exe I can not identify and I guess it may be malicious - this time I ended it in Task Manager.
Here's my HijackThis log. I'll appreciate any help available.
Thank u all in advance.

Logfile of HijackThis v1.98.2
Scan saved at 13:08:11, on 19-11-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Programas\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Programas\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.20.85.250:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperliga
« Last Edit: November 24, 2004, 04:15:46 PM by picada »

 
jvic
« Reply #1 on: November 19, 2004, 02:34:13 PM »

Please submit this file to Kaspersky File Scanner!!!

http://www.kaspersky.com/remoteviruschk.html
Navigate to this file on your computer and post back the results

C:\WINDOWS\System32\winxpdll32.exe

Run hijack this and place a check beside the following:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\html\IntraLaunch.CAB

Restart your computer and post a new hijack this log





John Vickers
picada
« Reply #2 on: November 24, 2004, 03:42:27 PM »


I did what u wrote and in fact, Kaspersky IDed winxpdll32.exe as a trojan. That's curious because neither McAfee nor Panda IDed this file.
About the new HijackThis log... here it is:

Logfile of HijackThis v1.98.2
Scan saved at 16:06:43, on 24-11-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Programas\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Programas\Opera\opera.exe
C:\Programas\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.20.85.250:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperliga
« Last Edit: November 24, 2004, 04:10:27 PM by picada »

 
jvic
« Reply #3 on: November 24, 2004, 04:31:44 PM »

Run hijack this and place a check beside the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.20.85.250:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperliga

John Vickers
picada
« Reply #4 on: November 25, 2004, 02:06:52 PM »

ok, it's done.
New Hijack this log:

Logfile of HijackThis v1.98.2
Scan saved at 14:03:56, on 25-11-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Programas\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Programas\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &R

 
jvic
« Reply #5 on: November 25, 2004, 02:09:06 PM »

Your log is clean. I suggest you get the Windows updates.
Prevention
To help in preventing your system from being infected again

* SpywareBlaster will prevent spyware from being installed.
Spywareblaster

* SpywareGuard offers realtime protection from spyware installation attempts.
Spywareguard


To protect yourself further:

* IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
IE/Spyad

* Get the free google toolbar to help stop pop up windows.
Google Toolbar


These steps should be done on a regular basis.

1. You should run a scan with Ad-Aware regularly (keep the definitions updated).

2. Run Windows updates at least once a month.

3. Keep your antivirus updated weekly.

4. I also suggest that you delete any files from "temp", "tmp" folders.
In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files", select the box that says "Delete All Offline Content" and click on "OK" twice.





John Vickers
picada
« Reply #6 on: November 25, 2004, 02:39:31 PM »

Thank u very much for ur help.
I already have Ad-Aware and Spybot Search and Destroy installed. Is this enough, or should I get Spywareblaster and Spywareguard? Are they more trustworthy?
About updates, I don't know why, I just can't get a correct Windows update.
I'm still trying to understand this particular problem.

 
jvic
« Reply #7 on: November 25, 2004, 02:42:43 PM »

I run adaware/spybot/spyware blaster/spyware guard and IE Spyad

John Vickers
picada
« Reply #8 on: November 25, 2004, 02:46:57 PM »

k! :D I got the picture...
thanx.

 
jvic
« Reply #9 on: November 25, 2004, 02:47:55 PM »

As your problems seem to be resolved I will close this thread.
If for any reason you need it reopened please PM a mod and supply a
link to this thread

John Vickers
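
Added example (not part of the original thread, and not code from HijackThis or from either poster): a small Python parser for the HijackThis log format posted above. It separates the running-process list from the coded entries (R0, R1, O2, O9, O16 ...), notes the kinds of entries this thread looked at, and lists processes that appear only in a later log. The function names and the three triage rules are assumptions made for this example.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "O9 - Extra button: ..."

def parse_log(text):
    """Return (running_processes, entries) parsed from HijackThis log text."""
    processes, entries, in_processes = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append(match.groups())        # (code, description)
        elif line.lower() == "running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, entries

def review_notes(entries):
    """Triage heuristics chosen for this example, not HijackThis's own logic."""
    notes = []
    for code, description in entries:
        if description.endswith("(no file)"):
            notes.append((code, "orphaned entry: target file is missing"))
        elif code == "O16" and "file://" in description:
            notes.append((code, "ActiveX control installed from a local path"))
        elif "ProxyServer" in description:
            notes.append((code, "browser traffic is sent through a proxy"))
    return notes

def new_processes(old, new):
    seen = {p.lower() for p in old}  # Windows paths are case-insensitive
    return [p for p in new if p.lower() not in seen]

# Shortened sample logs assembled from lines posted in this thread.
LOG_A = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskmgr.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.20.85.250:8080
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\html\IntraLaunch.CAB
"""
LOG_B = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
"""

if __name__ == "__main__":
    print(review_notes(parse_log(LOG_A)[1]))
    print(new_processes(parse_log(LOG_A)[0], parse_log(LOG_B)[0]))
```

The process comparison lowercases paths because the logs in this thread list the same Panda binary as both apvxdwin.exe and APVXDWIN.EXE.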