once agian, regedit/msconfig dissapears. hijackthis log included

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Kemokim

Thread Starter
Joined
Mar 31, 2004
Messages
2
hello there, i have done some searching and found that many have had this problem, i see that usually people download hijackthis and then shows the log file here, and hopefully somebody can help :p

well this is the log (1 hour old winxp install)

Logfile of HijackThis v1.97.7
Scan saved at 16:42:23, on 31-03-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svhosts.exe
C:\WINDOWS\System32\explore.exe
C:\WINDOWS\System32\esoh123.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kim\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Firewall Service] svhosts.exe
O4 - HKLM\..\Run: [Video] explore.exe
O4 - HKLM\..\Run: [esoh] esoh123.exe
O4 - HKLM\..\RunServices: [Microsoft Firewall Service] svhosts.exe
O4 - HKLM\..\RunServices: [Video] explore.exe
O4 - HKLM\..\RunServices: [esoh] esoh123.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/threatinfo/virusinfo/webscan.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38077.2305208333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

i hope someone can tell me what is wrong, also i´m pretty sure i have the blaster virus since i get the NT/System shutdown every once in awhile. but im still trying to update windows for that one..

Kim Jørgensen
 

Kemokim

Thread Starter
Joined
Mar 31, 2004
Messages
2
oh i have run a few.. i tried a few online ones aswell, just tried norton antivirus 2004 trial, they usually find a trojan or 2, but they clean it. ag bot something.. i think it was called..
 

Triple6

Rob
Moderator
Joined
Dec 26, 2002
Messages
52,933
What you need is to install an antivirus program on your computer. Norton Antivirus is good, AVG is good and free: www.grisoft.com

These are the virus entries:
O4 - HKLM\..\Run: [Microsoft Firewall Service] svhosts.exe
O4 - HKLM\..\Run: [Video] explore.exe
O4 - HKLM\..\Run: [esoh] esoh123.exe
O4 - HKLM\..\RunServices: [Microsoft Firewall Service] svhosts.exe
O4 - HKLM\..\RunServices: [Video] explore.exe
O4 - HKLM\..\RunServices: [esoh] esoh123.exe

Remove them from Hijackthis and then boot into Safe Mode, find and dlete the actual files. Symantec provides removal tools and great instructions; I would recommend going to their website and doing a full online scan which will tell you what viruses you have, then find any removal tools or instructions they have and remove the viruses.

Here's some that may apply:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.e.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.af.html
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.g.html
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top