PDA

View Full Version : About to blow up computer - HJT log. *sigh*

sellout007
02-08-2005, 11:45 AM
Logfile of HijackThis v1.97.7
Scan saved at 1:32:50 PM, on 2/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Yahoo!\browser\YBrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Daniel\Desktop\Antispyware\HiJackThis\Hij ackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Daniel\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Daniel\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {04BB3546-1306-4145-84A9-3B87B4C336EA} - C:\WINDOWS\System32\ejokieb.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Daniel\LOCALS~1\Temp\se.dll,DllInstall
O17 - HKLM\System\CCS\Services\Tcpip\..\{959EA12D-B1F2-409D-ACFF-587C9313462B}: NameServer = 209.244.0.3 209.244.0.4





The majior culprit for me is C:\WINDOWS\System32\rundll32.exe


I want to kill it, I want it to die and I want it to suffer.


Also what the hell are these?!?! GRRRR

C:\WINDOWS\System32\nvsvc32.exe


I usually get others with the 32 at the end, but for now they are not present.
sellout007
02-08-2005, 11:51 AM
ARGA AL JWEL:L K:WEJFL: JDFJ DSLF kl;df dasjf ;asjf l;ajdf


Oh my frustration! All i want to do is check my email!!!!!!! Every time I go to check my email through trillian or just go to yahoo it fuges up! Changes my browser to some crap ass search for stuff.
nightowl
02-08-2005, 02:55 PM
rundll32.exe and nvsvc32.exe are good files I would not delete them. Is this your complete log?