HiJackThis Log

[YellowKid]

Hi I need a HiJackThis Log analyst to check my log just to make sure my computer is safe,also I did AVG Anti Virus Scans,the only thing that shows up is "hosts" which doesn't allow me to do anything to it at the end of the scan,I assume its nothing? And after I use AVG Anti Spyware theres a bunch of tracking cookies,I always delete them,they just seem to never go away. What can I do to remove them for good. And here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 4:16:11 PM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jamie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Thank you for your time,it is appreciated,also thanks in advance

[YellowKid]

Anyone? :)

[Ried]

Hello YellowKid,

As noted in our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log....

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:

• create a new System Restore point in Windows XP and Vista.
• clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
• check some important areas of your system and produce a report for your analyst to review.
• DSS automatically runs HijackThis 1.99.1 for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. **Allow dss.exe to download HijackThis 1.99.1 when prompted**

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
5. Please attach extra.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:

   C:\Deckard\System Scanner\extra.txt
   

3. Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt

[YellowKid]

I have followed the steps you've given me.

main.txt :

Deckard's System Scanner v20070611.50
Run by Jamie on 2007-07-05 at 14:24:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2007-07-05 18:24:44 UTC - RP37 - Deckard's System Scanner Restore Point
16: 2007-07-01 18:42:36 UTC - RP36 - System Checkpoint
15: 2007-06-30 17:31:22 UTC - RP35 - System Checkpoint
14: 2007-06-28 19:17:36 UTC - RP34 - Installed AVG 7.5
13: 2007-06-27 22:54:03 UTC - RP33 - System Checkpoint


-- First Restore Point --
1: 2007-06-12 12:03:08 UTC - RP21 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Jamie.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:26:48 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\Content.IE5\F2KJFLGP\dss[1].exe
C:\DOCUME~1\Jamie\Desktop\Jamie.exe
C:\Program Files\Windows Media Player\wmplayer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 npkcrypt - c:\documents and settings\jamie\desktop\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" (file missing)


-- Files created between 2007-06-05 and 2007-07-05 -----------------------------

2007-07-01 23:26:33 0 d-------- C:\Program Files\LimeWire
2007-06-28 14:52:21 0 d-------- C:\Documents and Settings\Jamie\Application Data\Grisoft
2007-06-27 18:13:21 0 d-------- C:\WINDOWS\pss
2007-06-25 20:51:23 0 d-------- C:\Program Files\UPHClean
2007-06-17 20:49:13 0 d--h----- C:\WINDOWS\PIF
2007-06-15 21:32:21 0 d-------- C:\Documents and Settings\Jamie\Application Data\Apple Computer
2007-06-15 21:31:06 0 d-------- C:\Program Files\QuickTime
2007-06-15 21:30:17 0 d-------- C:\Program Files\iTunes
2007-06-15 21:30:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-06-15 21:29:26 38229 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Generic; Generic MP3 Player>
2007-06-15 21:29:06 0 d-------- C:\Program Files\iPod
2007-06-15 21:24:14 0 d-------- C:\WINDOWS\Downloaded Installations
2007-06-12 19:52:34 0 d-------- C:\WINDOWS\Sun
2007-06-12 07:56:14 0 d-------- C:\Documents and Settings\Jamie\.SunDownloadManager
2007-06-12 07:54:07 0 d-------- C:\Program Files\Java
2007-06-12 07:54:05 0 d-------- C:\Program Files\Common Files\Java
2007-06-12 07:44:57 0 d-------- C:\WINDOWS\system32\appmgmt
2007-06-12 07:38:30 0 d-------- C:\Documents and Settings\Jamie\Application Data\Sun
2007-06-06 07:59:07 0 d--h----- C:\WINDOWS\system32\GroupPolicy


-- Find3M Report ---------------------------------------------------------------

2007-07-05 10:45:58 0 d-------- C:\Documents and Settings\Jamie\Application Data\AVG7
2007-07-03 18:25:58 0 d-------- C:\Documents and Settings\Jamie\Application Data\LimeWire
2007-06-27 20:58:47 0 d-------- C:\Program Files\lg_fwupdate
2007-06-24 18:31:45 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-15 21:24:09 0 d-------- C:\Program Files\Common Files\InstallShield
2007-06-04 22:28:39 0 d-------- C:\Documents and Settings\Jamie\Application Data\WinRAR
2007-06-03 18:18:45 86016 --a------ C:\WINDOWS\system32\rpcapd.exe <Not Verified; NetGroup - Politecnico di Torino; Remote Packet Capture Daemon>
2007-06-03 18:18:45 6656 --a------ C:\WINDOWS\system32\NetMonInstaller.exe <Not Verified; NetGroup - Politecnico di Torino; NetMon Protocol Driver Installer>
2007-06-03 18:18:45 49152 --a------ C:\WINDOWS\system32\daemon_mgm.exe <Not Verified; NetGroup - Politecnico di Torino; WinPcap Remote Capture Daemon installer/remover>
2007-06-03 18:18:44 49152 --a------ C:\WINDOWS\system32\npf_mgm.exe <Not Verified; NetGroup - Politecnico di Torino; WinPcap NPF Driver installer/remover>
2007-06-02 13:12:33 0 d--h----- C:\Program Files\WindowsUpdate
2007-06-02 08:33:33 0 d-------- C:\Documents and Settings\Jamie\Application Data\CyberLink
2007-06-01 23:28:26 0 d-------- C:\Documents and Settings\Jamie\Application Data\InterTrust
2007-06-01 23:28:26 0 d-------- C:\Documents and Settings\Jamie\Application Data\Adobe
2007-06-01 23:26:45 0 d-------- C:\Program Files\Ahead
2007-06-01 23:26:33 0 d-------- C:\Program Files\Common Files\Ahead
2007-06-01 23:25:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-01 23:25:13 0 d-------- C:\Program Files\CyberLink DVD Solution
2007-06-01 23:23:54 0 d-------- C:\Program Files\CyberLink
2007-06-01 18:27:54 0 d-------- C:\Documents and Settings\Jamie\Application Data\Google
2007-06-01 07:52:04 0 d-------- C:\Documents and Settings\Jamie\Application Data\Real
2007-06-01 07:47:20 0 d-------- C:\Program Files\Common Files\xing shared
2007-06-01 07:47:18 0 d-------- C:\Program Files\Common Files\Real
2007-06-01 07:47:13 0 d-------- C:\Program Files\Google
2007-06-01 07:46:54 0 d-------- C:\Program Files\Real
2007-05-29 20:20:06 0 d-------- C:\Program Files\Realtek
2007-05-29 20:14:59 0 d-------- C:\Documents and Settings\Jamie\Application Data\Help
2007-05-29 19:44:03 0 d-------- C:\Program Files\Realtek AC97
2007-05-29 19:03:26 0 d-------- C:\Program Files\MSN Messenger
2007-05-29 18:38:37 0 d-------- C:\Program Files\Messenger
2007-05-29 18:38:16 0 d-------- C:\Program Files\Movie Maker
2007-05-29 18:35:52 0 d-------- C:\Program Files\Windows NT
2007-05-29 17:52:54 0 d-------- C:\Documents and Settings\Jamie\Application Data\Macromedia
2007-05-29 17:48:35 0 d-------- C:\Documents and Settings\Jamie\Application Data\Identities
2007-05-29 17:43:29 0 d-------- C:\Program Files\microsoft frontpage
2007-05-29 17:43:15 0 -rahs---- C:\MSDOS.SYS
2007-05-29 17:43:15 0 -rahs---- C:\IO.SYS
2007-05-29 17:43:15 0 --a------ C:\CONFIG.SYS
2007-05-29 17:43:15 0 --a------ C:\AUTOEXEC.BAT
2007-05-29 17:42:13 0 d-------- C:\Program Files\Online Services
2007-05-29 17:40:29 0 d-------- C:\Program Files\Common Files\MSSoap
2007-05-29 17:40:01 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-29 17:39:29 0 d-------- C:\Program Files\MSN Gaming Zone
2007-05-29 13:20:11 0 d-------- C:\Program Files\Common Files\ODBC
2007-05-29 13:20:06 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-29 13:19:40 62 --ahs---- C:\Documents and Settings\Jamie\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fwupdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NPPTNT2


-- End of Deckard's System Scanner: finished at 2007-07-05 at 14:30:47 ---------

[Ried]

Hi Jazz,

Quote:

AVG Anti Virus Scans,the only thing that shows up is "hosts"

I'm not seeing any malware in these logs. What exactly did it say about hosts?

Please run this online scan and we'll see if anything is lurking about. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

Panda results
New HijackThis log

[YellowKid]

It's just when I do scans the only thing that shows up is
"hosts" I just don't know if its a good or bad thing lol. And it doesn't say anything about it,it just shows up,I assume it doesn't mean anything? =/
Also,I was told to use HiJackThis and post a Log to see if I had any problems because my computer shuts down slowly,I shall post the HiJackThis and panda results soon after I scan.

[Ried]

Quote:

And it doesn't say anything about it,it just shows up,

Run a scan with AVG and when that shows up, take a screen shot of it and attach it in your next reply.

In Windows a screenshot of the entire monitor, complete with taskbar, can be copied to the system clipboard by pressing the Print screen key (normally located in the top row on the right-hand side of the keyboard)..

You can then paste the clipboard into a program like MS Paint to save it as an image file or paste it directly into a document.

1. Press the Print screen key
2. Click the "Start" button (normally located in the bottom left of your screen).
3. Click "Run" & type "mspaint" (without quotes) & click the "OK" button.
4. Wait while the application "Paint" opens. Once it is open, proceed to the next step.
5. Click the "Edit" menu and select "Paste".
6. Click the "File" menu and select "Save As...". A dialog box will appear.
7. In the "File name" field, enter a name of your choice.
8. Click the "Save as type" drop-down and select "JPEG (*.JPG;*.JPEG;*.JPE*;.JFIF)".
9. Click the "Save" button.

[YellowKid]

I did the Panda Scan and It found 13 infections,but during the scan it just closes that window,I've redone it about 3 times and the window still closes.


Shot at 2007-07-06

[Ried]

Try this online scanner instead.

Perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note for Internet Explorer 7 users**

If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

[YellowKid]

Sorry its been a while,I've been busy for the past couple of days. I have attached the text to this post. Thanks

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 11, 2007 10:28:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/07/2007
Kaspersky Anti-Virus database records: 361456
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 56396
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:46:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\Jamie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Messenger\Rycedude@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Messenger\Rycedude@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Messenger\Rycedude@hotmail.com\SharingMetadata\Working\database_30F8_7DFD_F87D_C220\dfsr.db Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Messenger\Rycedude@hotmail.com\SharingMetadata\Working\database_30F8_7DFD_F87D_C220\fsr.log Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Messenger\Rycedude@hotmail.com\SharingMetadata\Working\database_30F8_7DFD_F87D_C220\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Messenger\Rycedude@hotmail.com\SharingMetadata\Working\database_30F8_7DFD_F87D_C220\tmp.edb Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows Live Contacts\Rycedude@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows Live Contacts\Rycedude@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\History\History.IE5\MSHist012007071120070712\index.dat Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Temp\~DF365F.tmp Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Temp\~DF3938.tmp Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Temp\~DF81B5.tmp Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Temp\~DF8267.tmp Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jamie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jamie\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP39\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[Ried]

Your system is clean--that dialog by AVG Free is nothing to be concerned about. Many legit Windows files will be reported as 'changed' when you scan with AVG Free. As long as they are not flagged as 'infected', no worries. For a detail on what exactly that 'changed' status means by AVG, I would suggest you contact their site and ask them to explain it to you.

[YellowKid]

Oh,good to hear :D Thanks for all your help,I've been told to see if my system was infected because my computer takes a while to get to the shutdown menu,nothing worked,I guess Im just going to have to get use to the wait,thank you for all your help :D Have a terrific summer.

[Ried]

You're welcome.

Are you saying it takes a while to complete the shutdown? Or does it take a while for the Start menu to appear once you click on it?

[YellowKid]

Both,when I click Start>Turnoff,the Menu takes maybe 2-3minutes to come up approx. after that,it also takes a bit to shut it self down. This is a pain because I waste alot of time trying to turn it off when Im in a rush to go somewhere. I've tried a bunch of advice from a thread I made and none of them seemed to work or help.

[Ried]

I see, it was discussed here Slow Computer Shutdown

I'm afraid that issue is Operating System related and until you get a hold of an XP install disc, you'll just have to live with that slow shutdown.