Tech Support Forum - View Single Post

frustratedIam · 04-19-2005, 04:16 PM

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 3:04:57 PM, on 4/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Documents and Settings\Owner\My Documents\My Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Systemboot] msnsngr.exe
O4 - HKLM\..\RunServices: [Systemboot] msnsngr.exe
O4 - HKCU\..\Run: [Systemboot] msnsngr.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

End of KRC HijackThis Analyzer Log.
====================================================================
mwav log
File C:\Program Files\Common Files\wfwo\wfwop.exe infected by "not-a-virus:AdWare.Xupiter.m" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\8D77323E-1D11-4BEB-9B6A-439835\416F8969-7F58-45FB-89F1-54C0F0 infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\8D77323E-1D11-4BEB-9B6A-439835\C510936E-8086-44FA-9511-B4FE7E infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\8D77323E-1D11-4BEB-9B6A-439835\CF5FC505-D128-40DF-91CA-4B8A1E infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\FC55BF51-C523-46AF-A7E0-8F6811\E899C4A3-7F34-41CC-814D-3BE3EA infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP42\A0003814.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP45\A0003854.exe infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP45\A0003855.dll infected by "not-a-virus:AdWare.WinAD.m" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP48\A0003937.exe infected by "not-a-virus:AdWare.Xupiter.m" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP49\A0004268.exe infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\new1.exe infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: No Action Taken.

04-19-2005, 04:16 PM	#10 (permalink)
frustratedIam Registered User Join Date: Apr 2005 Posts: 114 OS: xp	result log and mwav log ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 3:04:57 PM, on 4/19/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\Documents and Settings\Owner\My Documents\My Downloads\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/ O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK O4 - HKLM\..\Run: [Systemboot] msnsngr.exe O4 - HKLM\..\RunServices: [Systemboot] msnsngr.exe O4 - HKCU\..\Run: [Systemboot] msnsngr.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe End of KRC HijackThis Analyzer Log. ==================================================================== mwav log File C:\Program Files\Common Files\wfwo\wfwop.exe infected by "not-a-virus:AdWare.Xupiter.m" Virus. Action Taken: No Action Taken. File C:\Program Files\Microsoft AntiSpyware\Quarantine\8D77323E-1D11-4BEB-9B6A-439835\416F8969-7F58-45FB-89F1-54C0F0 infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken. File C:\Program Files\Microsoft AntiSpyware\Quarantine\8D77323E-1D11-4BEB-9B6A-439835\C510936E-8086-44FA-9511-B4FE7E infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken. File C:\Program Files\Microsoft AntiSpyware\Quarantine\8D77323E-1D11-4BEB-9B6A-439835\CF5FC505-D128-40DF-91CA-4B8A1E infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken. File C:\Program Files\Microsoft AntiSpyware\Quarantine\FC55BF51-C523-46AF-A7E0-8F6811\E899C4A3-7F34-41CC-814D-3BE3EA infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP42\A0003814.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP45\A0003854.exe infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP45\A0003855.dll infected by "not-a-virus:AdWare.WinAD.m" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP48\A0003937.exe infected by "not-a-virus:AdWare.Xupiter.m" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP49\A0004268.exe infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\new1.exe infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: No Action Taken.