Resolved HJT Threads - Resolved spyware and popup issues.

#1
Registered User
HijackThis Log first time user
Hi, just used CWShredder, then Spybot (found 11 entries and fixed), then Ad-Aware (found a critical trojan and fixed), and then used HijackThis last, and have the following log file to show any professionals. I'm scared of deleting anything and would like to know from someone what's good and what's bad. I'll read up on the malware help link in this forum also to educate myself. Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 3:51:33 PM, on 21/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Styles\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

P.S. I forgot to mention that I am using AVG 7.5 for anti-virus, fully updated of course.

Last edited by JasonStyles : 12-20-2007 at 11:47 PM.
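The poster asks which entries in a log like this are good and which are bad. As an added illustration (not code from the thread, from HijackThis or from DSS), here is a small Python parser for HijackThis-style lines that pulls out the section, the display or value name and the image path, and applies a few triage flags a helper would check first: unnamed BHO/button entries, entries whose file is missing, services with an unknown owner, and autoruns launched from a Temp directory. The sample lines are constructed to mirror the posted logs; the final `updater` entry is made up so the temp-path rule has something to fire on, and the flag rules are this example's own heuristics, not HijackThis's classification.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not code from the thread, from HijackThis or from DSS.  The
parser understands the O2/O4/O9/O23 line shapes seen in the posted logs;
the flag rules are illustrative heuristics (an assumption of this example),
not HijackThis's own classification.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample modelled on the logs in this thread.  The last line is a
# made-up entry added so the temp-path rule has something to fire on.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\Styles\LOCALS~1\Temp\updater.exe
"""


@dataclass
class Entry:
    section: str                 # "O2", "O4", "O9", "O23", ...
    name: str                    # display name, [Run] value name, or service name
    path: str                    # executable / DLL the entry points at
    flags: List[str] = field(default_factory=list)


LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 shape: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Any path component literally named "Temp" (e.g. ...\LOCALS~1\Temp\x.exe)
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; header lines such as 'Running processes:' give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    flags: List[str] = []
    if section == "O4":
        r = RUN_RE.match(body)
        if not r:
            return None
        name, cmd = r.group("name"), r.group("cmd")
        if cmd.startswith('"'):
            path = cmd[1:].split('"', 1)[0]          # quoted image path
        else:
            path = re.sub(r"\s+/\S+$", "", cmd)      # drop a trailing switch like /STARTUP
    else:
        # O2/O9/O23 shape: "<label>: <name> - <CLSID or vendor> - <path>"
        parts = body.split(" - ")
        name = parts[0].split(": ", 1)[-1]
        path = parts[-1]
        if section == "O23" and len(parts) >= 3 and parts[1].lower() == "unknown owner":
            flags.append("unknown owner")
    if path.endswith("(file missing)"):
        path = path[: -len("(file missing)")].rstrip()
        flags.append("file missing")
    if "(no name)" in name:
        flags.append("unnamed")
    if TEMP_RE.search(path):
        flags.append("runs from temp")
    return Entry(section, name, path, flags)


def parse_log(text: str) -> List[Entry]:
    """Parse every recognisable entry in a whole log."""
    entries = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            entries.append(e)
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries carrying at least one flag: prompts to verify, not verdicts."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in needs_review(parse_log(SAMPLE_LOG)):
        print(f"{e.section:4} {', '.join(e.flags):22} {e.name} -> {e.path}")
```

A flag is a prompt to verify, not a verdict: the unnamed O2 entry in the sample is Spybot's own SDHelper.dll, which is why the CLSID and path get compared against known-good lists before anything is touched, and why the first reply in the thread asks for a more comprehensive set of logs rather than ruling on this one.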
#3
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: HijackThis Log first time user
Hello JasonStyles and welcome to TSF,
We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop. What DSS will do:
Note: You must be logged onto an account with administrator privileges.
Please include the following in your next reply: main.txt and an attached extra.txt
#4
Registered User
Re: HijackThis Log first time user
Sorry I've not posted earlier... I've been having problems setting up my new computer with an ASRock 4CoreDual-SATA2. Everything is okay except that when loading Windows it occasionally freezes. Spent all night reading over 50 pages of Anandtech forums about solutions. NOTE: I scanned with Trend Micro HouseCall yesterday and it found one infection that was a grayware/malware item, hidden in wife's stuff folder, called eye...?.exe. It looked very sinister anyway and it was deleted. Read heaps about spyware yesterday also and have downloaded reliable programs/utilities/tools from the links you guys have here. I'll be installing the rest after posting this. Thanks for the reply, Ried :)
Deckard's System Scanner v20071014.68
Run by Styles on 2007-12-23 14:35:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
6: 2007-12-23 04:35:49 UTC - RP22 - Deckard's System Scanner Restore Point
5: 2007-12-22 06:01:06 UTC - RP21 - Configured Platform
4: 2007-12-22 05:48:06 UTC - RP20 - Configured Platform
3: 2007-12-21 12:49:45 UTC - RP19 - Installed Seagate DiscWizard
2: 2007-12-21 12:45:28 UTC - RP18 - Installed SeaTools for Windows

-- First Restore Point --
1: 2007-12-21 08:39:49 UTC - RP17 - Friday 6:38pm

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-23 14:38:18
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Styles\Desktop\dss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\RunOnce: [ATIPRB] C:\WINDOWS\system32\atiprbxx.exe /g
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

-- End of file - 5347 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 tifsfilter (Acronis True Image FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys <Not Verified; Conexant Systems, Inc; UIU HW Access x86 Driver (SYS)>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E969-E325-11CE-BFC1-08002BE10318}
Description: Standard floppy disk controller
Device ID: ACPI\PNP0700\4&2817EC26&0
Manufacturer: (Standard floppy disk controllers)
Name: Standard floppy disk controller
PNP Device ID: ACPI\PNP0700\4&2817EC26&0
Service: fdc

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: ECP Printer Port
Device ID: ACPI\PNP0401\1
Manufacturer: (Standard port types)
Name: ECP Printer Port (LPT1)
PNP Device ID: ACPI\PNP0401\1
Service: Parport

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\1
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\1
Service: Serial

-- Files created between 2007-11-23 and 2007-12-23 -----------------------------

2007-12-22 20:02:13 0 d-------- C:\Documents and Settings\Styles\.housecall6.6
2007-12-22 20:00:38 0 d-------- C:\WINDOWS\Sun
2007-12-22 18:02:16 0 d-------- C:\Documents and Settings\Styles\Application Data\SiteAdvisor
2007-12-22 18:02:16 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-22 18:02:16 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-22 16:58:32 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-12-22 15:30:56 6861 -ra------ C:\WINDOWS\system32\drivers\UIUSYS.SYS <Not Verified; Conexant Systems, Inc; UIU HW Access x86 Driver (SYS)>
2007-12-21 22:55:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2007-12-21 22:50:14 32768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
2007-12-21 22:49:47 0 d-------- C:\Program Files\Common Files\Seagate
2007-12-21 22:45:29 0 d-------- C:\Program Files\Seagate
2007-12-21 20:04:43 0 d-------- C:\Documents and Settings\Styles\Application Data\Ahead
2007-12-21 20:01:01 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-12-21 20:01:00 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Nero AG; Nero AG NeroCheck>
2007-12-21 20:01:00 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-12-21 20:01:00 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-12-21 20:01:00 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-12-21 17:32:11 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2007-12-21 17:32:11 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-12-21 17:32:10 0 d-------- C:\Program Files\Common Files\Ahead
2007-12-21 17:32:07 0 d-------- C:\Program Files\Ahead
2007-12-21 15:01:41 0 d-------- C:\Documents and Settings\Styles\Application Data\Lavasoft
2007-12-21 15:01:18 0 d-------- C:\Program Files\Lavasoft
2007-12-21 14:37:58 0 d--hs---- C:\WINDOWS\CSC
2007-12-21 05:46:55 0 d-------- C:\Program Files\MSXML 6.0
2007-12-21 00:45:58 0 d-------- C:\Program Files\MSBuild
2007-12-21 00:43:29 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-12-21 00:43:02 0 d-------- C:\Program Files\Reference Assemblies
2007-12-21 00:42:18 0 d-------- C:\51a889cd9dbd41bb9d50
2007-12-21 00:38:23 0 d-------- C:\WINDOWS\system32\URTTemp
2007-12-20 23:20:54 45056 --a------ C:\WINDOWS\system32\vusetup.dll
2007-12-20 23:20:36 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-12-20 12:31:30 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-20 12:30:39 0 d-------- C:\WINDOWS\system32\LogFiles
2007-12-20 12:30:39 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-20 12:04:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-12-20 07:23:37 0 d--hs---- C:\WINDOWS\Installer
2007-12-20 07:23:37 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-20 07:23:34 0 dr------- C:\Program Files
2007-12-20 07:23:34 0 d-------- C:\Program Files\Common Files
2007-12-20 07:23:34 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-20 07:23:12 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-12-20 07:23:12 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-12-20 07:23:12 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-12-20 07:23:12 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-12-20 07:23:12 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-12-20 07:23:12 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-12-20 07:23:12 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-12-20 07:23:12 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-12-20 07:23:12 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-12-20 07:23:12 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-12-20 07:23:12 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-12-20 07:23:12 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-12-20 07:23:12 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-12-20 07:23:12 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-12-20 07:23:12 0 dr------- C:\Documents and Settings\All Users\Documents
2007-12-20 07:23:12 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-12-20 07:23:00 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-12-20 07:23:00 0 d-------- C:\WINDOWS\system32\CatRoot
2007-12-20 07:22:55 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-12-20 07:22:55 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-12-20 07:22:54 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-12-20 07:22:54 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-12-20 07:22:36 0 d--hs---- C:\System Volume Information
2007-12-20 07:22:36 0 d-------- C:\Documents and Settings
2007-12-20 07:18:21 0 d-------- C:\WINDOWS
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\WinSxS
2007-12-20 07:18:21 0 dr------- C:\WINDOWS\Web
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\twain_32
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\wins
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\wbem
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\usmt
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\spool
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\ShellExt
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\Setup
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\ras
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\oobe
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\npp
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\mui
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\inetsrv
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\IME
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\icsxml
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\ias
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\export
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\drivers
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-12-20 07:18:21 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\dhcp
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\config
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\3076
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\2052
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\1054
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\1042
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\1041
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\1037
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\1033
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\1031
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\1028
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system32\1025
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\system
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\security
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\Resources
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\repair
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\Provisioning
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\PeerNet
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\pchealth
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\mui
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\msapps
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\msagent
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\Media
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\java
2007-12-20 07:18:21 0 d--h----- C:\WINDOWS\inf
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\ime
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\Help
2007-12-20 07:18:21 0 dr--s---- C:\WINDOWS\Fonts
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\ehome
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\Driver Cache
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\Debug
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\Cursors
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\Connection Wizard
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\Config
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\AppPatch
2007-12-20 07:18:21 0 d-------- C:\WINDOWS\addins
2007-12-20 05:25:34 0 d-------- C:\WINDOWS\network diagnostic
2007-12-20 05:02:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-20 03:40:14 0 d-------- C:\WINDOWS\system32\appmgmt
2007-12-20 02:58:09 0 d--h----- C:\WINDOWS\PIF
2007-12-20 02:34:26 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-12-20 01:46:27 0 d-------- C:\Documents and Settings\Styles\Application Data\Ventrilo
2007-12-20 01:36:30 0 d-------- C:\Program Files\Ventrilo
2007-12-20 01:36:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-20 01:27:03 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-20 01:27:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-12-20 00:24:38 247296 --a------ C:\WINDOWS\azssuninst.exe
2007-12-20 00:24:36 100864 --a------ C:\WINDOWS\keyhook3.dll
2007-12-20 00:24:33 544520 --a------ C:\WINDOWS\Monkey2.scr <Not Verified; Alien Zone - Cybercorp; ShowTime!>
2007-12-20 00:24:32 936765 --a------ C:\WINDOWS\Monkey2.exe <Not Verified; Macromedia, Inc.; Flash 5.0>
2007-12-20 00 39 0 d-------- C:\Documents and Settings\Styles\Application Data\AdobeUM
2007-12-19 23:58:40 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-19 23:58:36 0 d-------- C:\Documents and Settings\Styles\Application Data\Mozilla
2007-12-19 23:51:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-19 23:47:53 0 d--hs---- C:\Documents and Settings\Styles\UserData
2007-12-19 23:26:24 0 d-------- C:\Documents and Settings\Styles\Application Data\AVG7
2007-12-19 23:26:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-19 23:26:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-19 23:26:06 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-19 23:23:56 0 d-------- C:\Program Files\OpenOffice.org 2.2
2007-12-19 23:23:42 0 d-------- C:\Program Files\Java
2007-12-19 23:23:42 0 d-------- C:\Program Files\Common Files\Java
2007-12-19 23:23:33 0 d-------- C:\Documents and Settings\Styles\Application Data\Sun
2007-12-19 23:17:36 0 d-------- C:\Documents and Settings\Styles\Application Data\atitray
2007-12-19 22:50:46 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-12-19 22:39:29 0 d-------- C:\Program Files\MultiRes
2007-12-19 22:38:47 0 d-------- C:\Program Files\Radeon Omega Drivers
2007-12-19 22:23:38 0 d-------- C:\Program Files\Driver Cleaner Pro
2007-12-19 22:22:45 0 d-------- C:\Documents and Settings\Styles\Application Data\Adobe
2007-12-19 22:14:17 0 d-------- C:\WINDOWS\system32\PreInstall
2007-12-19 22:14:15 0 d--h----- C:\WINDOWS\$hf_mig$
2007-12-19 22:09:19 0 d-------- C:\Program Files\VIA
2007-12-19 22:08:42 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-12-19 22:08:38 0 d-------- C:\WINDOWS\vnDrvBas
2007-12-19 22:07:23 10288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-12-19 22:03:58 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-19 22:03:39 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-12-19 21:56:27 0 d-------- C:\WINDOWS\system32\Data
2007-12-19 21:56:26 0 d-------- C:\Program Files\Creative
2007-12-19 21:56:18 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-19 21:51:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-19 21:42:05 0 d-------- C:\Documents and Settings\Styles\Application Data\Identities
2007-12-19 21:41:58 0 d--h----- C:\Documents and Settings\Styles\Templates
2007-12-19 21:41:58 0 dr------- C:\Documents and Settings\Styles\Start Menu
2007-12-19 21:41:58 0 dr-h----- C:\Documents and Settings\Styles\SendTo
2007-12-19 21:41:58 0 dr-h----- C:\Documents and Settings\Styles\Recent
2007-12-19 21:41:58 0 d--h----- C:\Documents and Settings\Styles\PrintHood
2007-12-19 21:41:58 2883584 --ah----- C:\Documents and Settings\Styles\NTUSER.DAT
2007-12-19 21:41:58 0 d--h----- C:\Documents and Settings\Styles\NetHood
2007-12-19 21:41:58 0 dr------- C:\Documents and Settings\Styles\My Documents
2007-12-19 21:41:58 0 d--h----- C:\Documents and Settings\Styles\Local Settings
2007-12-19 21:41:58 0 dr------- C:\Documents and Settings\Styles\Favorites
2007-12-19 21:41:58 0 d-------- C:\Documents and Settings\Styles\Desktop
2007-12-19 21:41:58 0 d--hs---- C:\Documents and Settings\Styles\Cookies
2007-12-19 21:41:58 0 dr-h----- C:\Documents and Settings\Styles\Application Data
2007-12-19 21:38:44 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-12-19 21:38:31 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-12-19 21:38:31 0 d-------- C:\WINDOWS\Prefetch
2007-12-19 21:38:30 1572864 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-12-19 21:38:30 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-12-19 21:38:30 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-12-19 21:38:30 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-12-19 21:38:30 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-12-19 21:38:14 1572864 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-12-19 21:38:14 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-12-19 21:38:14 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-12-19 21:38:14 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-12-19 21:38:14 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-12-19 21:35:54 0 d-------- C:\WINDOWS\system32\xircom
2007-12-19 21:35:54 0 d-------- C:\Program Files\microsoft frontpage
2007-12-19 21:35:45 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-12-19 21:35:39 0 -rahs---- C:\MSDOS.SYS
2007-12-19 21:35:39 0 -rahs---- C:\IO.SYS
2007-12-19 21:35:39 0 --a------ C:\CONFIG.SYS
2007-12-19 21:35:39 0 --a------ C:\AUTOEXEC.BAT
2007-12-19 21:34:35 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-12-19 21:34:27 0 dr------- C:\WINDOWS\Offline Web Pages
2007-12-19 21:34:27 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-12-19 21:34:18 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-19 21:34:03 0 d-------- C:\WINDOWS\system32\DirectX
2007-12-19 21:33:36 0 d---s---- C:\WINDOWS\Tasks
2007-12-19 21:33:35 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-19 21:33:32 0 d-------- C:\WINDOWS\srchasst
2007-12-19 21:33:31 0 d-------- C:\WINDOWS\system32\Macromed
2007-12-19 21:33:25 0 d-------- C:\Program Files\Movie Maker
2007-12-19 21:33:19 0 d-------- C:\WINDOWS\system32\Restore
2007-12-19 21:32:46 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-19 21:32:31 0 d-------- C:\WINDOWS\Registration
2007-12-19 21:32:24 0 d-------- C:\Program Files\Online Services
2007-12-19 21:32:18 0 d-------- C:\Program Files\Messenger
2007-12-19 21:32:15 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-19 21:31:43 0 d-------- C:\Program Files\Windows NT
2007-12-19 21:31:41 0 d-------- C:\WINDOWS\system32\MsDtc
2007-12-19 21:31:40 0 d-------- C:\WINDOWS\system32\Com

-- Find3M Report ---------------------------------------------------------------

2007-12-20 07:23:12 62 --ahs---- C:\Documents and Settings\Styles\Application Data\desktop.ini
2007-10-11 09:55:10 88576 --a------ C:\WINDOWS\system32\infocardapi.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-10-09 12:58:20 16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-09-29 13:21:29 9854976 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2007-09-29 13:07:23 356352 --a------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2007-09-29 13 17 268800 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2007-09-29 12:58:34 143360 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2007-09-29 12:58:22 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2007-09-29 12:58:15 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2007-09-29 12:58:07 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2007-09-29 12:57:55 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2007-09-29 12:56:32 483328 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2007-09-29 12:55:43 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-09-29 12:49:19 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2007-09-29 12:47:38 172032 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2007-09-29 12:36:24 1593600 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2007-09-29 12:36:05 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-09-29 12:36:05 972072 --a------ C:\WINDOWS\system32\ativva6x.dat
2007-09-29 12:36:05 3107788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-09-29 12:23:23 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2007-09-29 12:22:08 376832 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2007-09-29 12:20:14 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2007-09-29 12:14:14 499712 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [03/05/2005 07:38 PM C:\WINDOWS\system32\P17.dll]
"AtiPTA"="atiptaxx.exe" [22/02/2006 11:05 AM C:\WINDOWS\system32\atiptaxx.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21/12/2007 06:02 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [12/01/2006 04:40 PM]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [08/08/2007 05:47 PM]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [08/08/2007 06:00 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [08/08/2007 05:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:56 AM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [15/09/2006 02:27 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"ATIPRB"=C:\WINDOWS\system32\atiprbxx.exe /g

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

-- End of Deckard's System Scanner: finished at 2007-12-23 14:39:13 ------------
#5
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: HijackThis Log first time user
Hi JasonStiles,
It doesn't sound like you've had much fun at all lately. On the bright side, your logs look clean. If you'd like to check one step further, run an online scan at Kaspersky and post the results here for review. Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400 and answer Yes when prompted to install an ActiveX component.
If you're satisfied and see no reason to run another online scan, please let me know and I'll mark this thread as resolved.
#6
Registered User
Re: HijackThis Log first time user
Wow, I'm shocked at this. This whole week the AVG scanner only picked up one virus, and the online TrendMicro Housecall scanner picked up one the other day. I noticed in the Kasper scan it picks up what Housecall found the other day, but I had deleted the file using the Housecall scan. Personally, should I just get rid of AVG from my computer and get a trial version of Kasper instead, or should I just leave it the way it is and use Kasper and Trendmicro Housecall to online scan once a week? Anyway, here's the scan log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, December 24, 2007 11:30:31 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/12/2007
Kaspersky Anti-Virus database records: 492679
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 33002
Number of viruses found: 4
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 00:22:35
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Styles\.housecall6.6\Quarantine\Eyetide Installer.exe.bac_a00436/WISE0009.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Styles\.housecall6.6\Quarantine\Eyetide Installer.exe.bac_a00436 WiseSFX: infected - 1 skipped
C:\Documents and Settings\Styles\.housecall6.6\Quarantine\Eyetide Installer.exe.bac_a00436 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Styles\Application Data\Mozilla\Firefox\Profiles\spitdyu2.default\cert8.db Object is locked skipped
C:\Documents and Settings\Styles\Application Data\Mozilla\Firefox\Profiles\spitdyu2.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Styles\Application Data\Mozilla\Firefox\Profiles\spitdyu2.default\history.dat Object is locked skipped
C:\Documents and Settings\Styles\Application Data\Mozilla\Firefox\Profiles\spitdyu2.default\key3.db Object is locked skipped
C:\Documents and Settings\Styles\Application Data\Mozilla\Firefox\Profiles\spitdyu2.default\parent.lock Object is locked skipped
C:\Documents and Settings\Styles\Application Data\Mozilla\Firefox\Profiles\spitdyu2.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Styles\Application Data\Mozilla\Firefox\Profiles\spitdyu2.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Styles\Application Data\Mozilla\Firefox\Profiles\spitdyu2.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\Styles\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Styles\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Styles\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Styles\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Styles\Local Settings\Application Data\Mozilla\Firefox\Profiles\spitdyu2.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Styles\Local Settings\Application Data\Mozilla\Firefox\Profiles\spitdyu2.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Styles\Local Settings\Application Data\Mozilla\Firefox\Profiles\spitdyu2.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Styles\Local Settings\Application Data\Mozilla\Firefox\Profiles\spitdyu2.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Styles\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Styles\Local Settings\History\History.IE5\MSHist012007122420071225\index.dat Object is locked skipped
C:\Documents and Settings\Styles\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Styles\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Styles\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Styles\NTUSER.DAT.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9022019F-7781-4051-835B-F6D7AF00E3B0}\RP29\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{963C0D75-707C-4F4A-A37A-958C646803E2}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Extras\Utilities\Nero-6.6.1.15c_wch.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Extras\Utilities\Nero-6.6.1.15c_wch.exe RAR: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{5064CB72-3CEF-4450-B3D1-05E151D8F919}\RP9\A0004113.exe/file02 Infected: not-a-virus:AdWare.Win32.Lop.bo skipped
D:\System Volume Information\_restore{5064CB72-3CEF-4450-B3D1-05E151D8F919}\RP9\A0004113.exe/file13 Infected: Trojan.Win32.Obfuscated.en skipped
D:\System Volume Information\_restore{5064CB72-3CEF-4450-B3D1-05E151D8F919}\RP9\A0004113.exe Inno: infected - 2 skipped
D:\System Volume Information\_restore{9022019F-7781-4051-835B-F6D7AF00E3B0}\RP29\change.log Object is locked skipped
Scan process completed.

P.S. Also, how on earth can the Nero Ultra edition install file be a virus? If that's the case, then Nero should be avoided, am I right? I'm not knowledgeable about software, but is someone able to edit an install program and add a virus somehow? In relation to the System Volume Information with restore on the D drive, could that have something to do with Windows occasionally not loading and freezing?
#7
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: HijackThis Log first time user
Hi,
The Nero Toolbar is bundled with MyWebSearch, which technically is not a virus but adware. See this write-up: http://www.sophos.com/security/analy...websearch.html
Some people like Nero so much, they choose to 'live with it'. It's up to you whether or not you wish to uninstall Nero.
AVG is a fine Anti-Virus program, but if you want to stick with free programs, I would suggest Avira AntiVir PersonalEdition Classic. Online scans are always a good idea, as each AV has its own strengths.
-------------------------------------
Other than the report on Nero, and items in your System Restore, your logs are clean.
Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore tab
* Tick the checkbox "Turn off System Restore on all drives" and click Apply
* Then untick the same checkbox & click OK
This will flush out previous restore points (which contain the infections) and create a new restore point.
I realize you've been reading many of our topics, but I'd be remiss if I didn't give you my standard closing reply.
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
McAfee Site Advisor--free version. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.
SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system, as it basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
Update, and scan with your onboard Anti-Malware and Anti-Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
PC Safety and Security--What Do I Need?
HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls
**Be very wary of any security software that is advertised in popups or in other ways. It is not only usually of no use, but often has malware in it.
-----------------------------------------------------
Follow the list above and the potential for infection will reduce dramatically.
**Kindly respond one more time and let me know if we may consider this thread resolved.
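As an added example (not code from this thread, from Kaspersky, or from the forum's helpers), the triage the reply above applies to the Kaspersky report can be written down as a small Python parser. It reads the three line shapes that appear in the posted report ("Object is locked skipped", "Infected: <name> skipped", and "<container>: infected - N skipped"), then sorts each detection by where it sits before looking at its name: objects inside a scanner's quarantine folder are already isolated, objects under System Volume Information\_restore are old restore points that the procedure above flushes, "not-a-virus:" names are adware rather than live malware, and anything else is what actually needs a closer look. The path patterns, verdict names and severity order are assumptions of this example; the sample input is nine lines copied from the report posted in this thread plus one constructed line (C:\constructed\...) so the "needs-attention" branch is exercised.

```python
"""Triage helper for Kaspersky Online Scanner text reports (added example,
not from the thread or from Kaspersky). The path patterns used for the
verdicts are assumptions that mirror the forum reply above."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LOCKED_SUFFIX = " Object is locked skipped"
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<fmt>\S+): infected - (?P<count>\d+) skipped$")

# Least to most urgent; an archive container inherits the most urgent
# verdict among the objects reported inside it.
SEVERITY = ["locked-skipped", "old-restore-point", "already-quarantined",
            "adware-pup", "needs-attention"]


@dataclass
class Finding:
    path: str
    kind: str                    # "locked", "infected" or "archive"
    name: Optional[str] = None   # detection name, or container format for "archive"
    verdict: Optional[str] = None


def _location_verdict(path: str) -> Optional[str]:
    """Verdicts decided by where the object lives, before looking at its name."""
    p = path.lower()
    if "system volume information\\_restore" in p:
        return "old-restore-point"      # cleared by creating a fresh restore point
    if "quarantine" in p:
        return "already-quarantined"    # another scanner already isolated it
    return None


def triage(path: str, name: str) -> str:
    loc = _location_verdict(path)
    if loc:
        return loc
    if name.lower().startswith("not-a-virus:"):
        return "adware-pup"             # adware / unwanted program, not a virus
    return "needs-attention"            # live detection outside quarantine/restore


def parse_report(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(LOCKED_SUFFIX):
            findings.append(Finding(line[:-len(LOCKED_SUFFIX)], "locked", verdict="locked-skipped"))
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append(Finding(m["path"], "infected", m["name"], triage(m["path"], m["name"])))
            continue
        m = ARCHIVE_RE.match(line)
        if m:
            findings.append(Finding(m["path"], "archive", m["fmt"]))
        # header, statistics and blank lines fall through and are ignored
    infected = [f for f in findings if f.kind == "infected"]
    for f in findings:
        if f.kind != "archive":
            continue
        members = [x for x in infected if x.path.startswith(f.path + "/")]
        loc = _location_verdict(f.path)
        if loc:
            f.verdict = loc
        elif members:
            f.verdict = max((x.verdict for x in members), key=SEVERITY.index)
        else:
            f.verdict = "needs-attention"   # container with no listed members: inspect it
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


# Sample input: lines copied from the report posted in this thread, plus one
# constructed line (C:\constructed\...) to exercise the "needs-attention" branch.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\Styles\.housecall6.6\Quarantine\Eyetide Installer.exe.bac_a00436/WISE0009.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Styles\.housecall6.6\Quarantine\Eyetide Installer.exe.bac_a00436 WiseSFX: infected - 1 skipped
C:\Documents and Settings\Styles\.housecall6.6\Quarantine\Eyetide Installer.exe.bac_a00436 CryptFF.b: infected - 1 skipped
D:\Extras\Utilities\Nero-6.6.1.15c_wch.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Extras\Utilities\Nero-6.6.1.15c_wch.exe RAR: infected - 1 skipped
D:\System Volume Information\_restore{5064CB72-3CEF-4450-B3D1-05E151D8F919}\RP9\A0004113.exe/file02 Infected: not-a-virus:AdWare.Win32.Lop.bo skipped
D:\System Volume Information\_restore{5064CB72-3CEF-4450-B3D1-05E151D8F919}\RP9\A0004113.exe/file13 Infected: Trojan.Win32.Obfuscated.en skipped
D:\System Volume Information\_restore{5064CB72-3CEF-4450-B3D1-05E151D8F919}\RP9\A0004113.exe Inno: infected - 2 skipped
C:\constructed\sample.exe Infected: Trojan.Win32.Placeholder skipped
Scan process completed.
"""

if __name__ == "__main__":
    results = parse_report(SAMPLE_REPORT)
    for f in results:
        print(f"{f.verdict:20} {f.path}")
    print(summarize(results))
```

Run on the sample, the only "needs-attention" entry is the constructed one; the real detections from the thread resolve to already-quarantined, adware-pup and old-restore-point, which is the same reading the reply gives ("other than the report on Nero, and items in your System Restore, your logs are clean"). Location is checked before the detection name on purpose: a Trojan name inside an old restore point is still handled by flushing restore points, not by treating the machine as actively infected.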
#8
Registered User
Re: HijackThis Log first time user
Yes, got all of those guides already and had installed them earlier today... using Comodo Firewall also instead of the XP firewall, which is disabled. Thanks, might try Avira instead of AVG. This has been a great help, thanks again.