[could someone help me] -


could someone help me

Discuss could someone help me


Posted by: nev

Hi ,
I first posted my hijack this log in the hardware forum (I though something was wrong with my hard disks)
They adviced me to post it in this section. Well here is my log:
Logfile of HijackThis v1.97.7
Scan saved at 11:46:10 AM, on 5/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\17n.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\17n.exe
C:\Documents and Settings\Nevinson.YOUR-6PDPT9YPA2\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yahoo.com/[/url]
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\oqq.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LUPGCONF] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\LUpgConf.exe" /RunOnce:3_02_01
O4 - HKLM\..\RunOnce: [lwyl6.exe] C:\WINDOWS\System32\lwyl6.exe /k
O4 - HKCU\..\RunOnce: [lwyl6.exe] C:\WINDOWS\System32\lwyl6.exe /k
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - [url]http://download.macromedia.com/pub/...director/sw.cab[/url]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/...all/xscan53.cab[/url]
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - [url]http://download.yahoo.com/dl/mail/autocomplete.cab[/url]


Please advice
Nev


Posted by: Warez Monster

Your log wasnt to bad.


C:\WINDOWS\System32\17n.exe This is an unknown processes Removed this on your own or get another suggestion.

The rest should be removed.

O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\oqq.dll Entries found in this registry zone are potentially nasty. This application ([A78860C8-EE1A-46DF-A97F-E3E6D433E80B] - Result: A78860C8-EE1A-46DF-A97F-E3E6D433E80B) has been checked.

O4 - HKLM\..\RunOnce: [lwyl6.exe] C:\WINDOWS\System32\lwyl6.exe /k It seems that the name of this program is the same as the name of the file. In the most cases this is the result of trojans. To be sure, you should check this file.

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/...all/xscan53.cab[/url] This entry is possibly nasty.


Posted by: nev

Thanks,
I got it fixed


Nev


Posted by: Warez Monster

Np....Glad I could help