My hijack this log. [RESOLVED]


  • This topic is locked

#16
snake24

  • Topic Starter
  • Member
  • 16 posts
Hi, I did as you told me to. My PC appears stable. So far no suspicious behavior has been detected. Do you think it might try to send out connections on its own secretly without the user knowing??? My firewall is the one by Windows and I am using a router.


Here is my new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:24 AM, on 5/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\Program Files\iolo\common\lib\ioloServiceManager.exe
H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\WINDOWS\System32\alg.exe
H:\Program Files\Windows Live\Messenger\usnsvc.exe
H:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe
H:\WINDOWS\System32\wbem\wmiprvse.exe
H:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.10.150.116:35550
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SMSystemAnalyzer] "H:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "H:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = H:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185550855000
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1196543575515
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/...gradeVerify.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - H:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - H:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7581 bytes
#17
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello snake, thanks for the reply..

Do you think it might try to send out connections on its own secretly without the user knowing??? My firewall is the one by Windows and I am using a router.


Backdoor trojans can do that but in your case, I don't think so.. As for your firewall, it is much better to use a third-party firewall which I'll recommend to you later..


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



NEXT


Since you asked for a firewall, I'll recommend these great third-party firewalls. Please install ONLY ONE of these free and excellent firewalls below:
After you install the third-party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose the Off (not recommended) option. Then please click Apply and OK.




Please post the Kaspersky Online Scanner log in your next reply... Tell me which firewall you choose to use on your computer..


Regards
fenzodahl512

#18
snake24

  • Topic Starter
  • Member
  • 16 posts
Hi, just let me add that the d/l of Kaspersky's virus files, which is 22 MB, took so long that I fell asleep. When I woke up it told me there was an error, so I need to re-download the files again. I just hope the scanning of my PC's files does not take that long.

Thanks again.

#19
snake24

  • Topic Starter
  • Member
  • 16 posts
Hi, quite a long scan, but then I have a 320 GB HDD and two 250 GB HDDs.


Btw, I have not used any 3rd-party firewall and have decided not to use them, as I am behind a router and I have Windows Firewall and my Windows is always kept up to date. I feel that my router's firewall along with the Windows firewall is adequate protection. What do you think????






Here is the virus scan report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 22, 2008 8:05:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/05/2008
Kaspersky Anti-Virus database records: 793934
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 427343
Number of viruses found: 6
Number of infected objects: 34
Number of suspicious objects: 0
Duration of the scan process: 03:46:25

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{669E0A01-7C57-4E9E-BFFB-DD097323BF28}\RP448\change.log Object is locked skipped
D:\hiberfil.sys Object is locked skipped
D:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7036c4e035e0ce1c2691195bb9df2adc_4ba3ac77-3939-412f-9494-ffce65ea8d9c Object is locked skipped
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_4ba3ac77-3939-412f-9494-ffce65ea8d9c Object is locked skipped
D:\ProgramData\Symantec\SRTSP\SrtETmp\6C8AC638.TMP Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{669E0A01-7C57-4E9E-BFFB-DD097323BF28}\RP448\change.log Object is locked skipped
D:\Users\virgile\Desktop\addtional programs\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
D:\Users\virgile\Desktop\addtional programs\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
D:\Users\virgile\Desktop\addtional programs\mirc621.exe NSIS: infected - 2 skipped
D:\Users\virgile\Documents\MS product key recovery\produkey\ProduKey.exe Infected: not-a-virus:PSWTool.Win32.ProductKey.b skipped
D:\Users\virgile\Documents\MS product key recovery\produkey\produkey.zip/ProduKey.exe Infected: not-a-virus:PSWTool.Win32.ProductKey.b skipped
D:\Users\virgile\Documents\MS product key recovery\produkey\produkey.zip ZIP: infected - 1 skipped
D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Object is locked skipped
D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl Object is locked skipped
E:\Old back up to vista\files on win vista\virgile\virgile\Desktop\addtional programs\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
E:\Old back up to vista\files on win vista\virgile\virgile\Desktop\addtional programs\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
E:\Old back up to vista\files on win vista\virgile\virgile\Desktop\addtional programs\mirc621.exe NSIS: infected - 2 skipped
E:\Old back up to vista\files on win vista\virgile\virgile\Documents\MS product key recovery\produkey\ProduKey.exe Infected: not-a-virus:PSWTool.Win32.ProductKey.b skipped
E:\Old back up to vista\files on win vista\virgile\virgile\Documents\MS product key recovery\produkey\produkey.zip/ProduKey.exe Infected: not-a-virus:PSWTool.Win32.ProductKey.b skipped
E:\Old back up to vista\files on win vista\virgile\virgile\Documents\MS product key recovery\produkey\produkey.zip ZIP: infected - 1 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{669E0A01-7C57-4E9E-BFFB-DD097323BF28}\RP448\change.log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\iolo\FileInfoList\IOLOFIL.FDB Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
H:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
H:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
H:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
H:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
H:\Documents and Settings\Virgil\Application Data\iolo\SystemAnalyzer.log Object is locked skipped
H:\Documents and Settings\Virgil\Application Data\Mozilla\Firefox\Profiles\7sujyo4l.default\cert8.db Object is locked skipped
H:\Documents and Settings\Virgil\Application Data\Mozilla\Firefox\Profiles\7sujyo4l.default\flashgot.log Object is locked skipped
H:\Documents and Settings\Virgil\Application Data\Mozilla\Firefox\Profiles\7sujyo4l.default\formhistory.dat Object is locked skipped
H:\Documents and Settings\Virgil\Application Data\Mozilla\Firefox\Profiles\7sujyo4l.default\history.dat Object is locked skipped
H:\Documents and Settings\Virgil\Application Data\Mozilla\Firefox\Profiles\7sujyo4l.default\key3.db Object is locked skipped
H:\Documents and Settings\Virgil\Application Data\Mozilla\Firefox\Profiles\7sujyo4l.default\parent.lock Object is locked skipped
H:\Documents and Settings\Virgil\Application Data\Mozilla\Firefox\Profiles\7sujyo4l.default\search.sqlite Object is locked skipped
H:\Documents and Settings\Virgil\Application Data\Mozilla\Firefox\Profiles\7sujyo4l.default\urlclassifier2.sqlite Object is locked skipped
H:\Documents and Settings\Virgil\Cookies\index.dat Object is locked skipped
H:\Documents and Settings\Virgil\Desktop\Anti spyware and anti virus files and installers\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
H:\Documents and Settings\Virgil\Desktop\Anti spyware and anti virus files and installers\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
H:\Documents and Settings\Virgil\Desktop\Anti spyware and anti virus files and installers\SmitfraudFix.exe RAR: infected - 1 skipped
H:\Documents and Settings\Virgil\Desktop\Extra downloaded programs\mirc 6.3 Gamma version\mirc63.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
H:\Documents and Settings\Virgil\Desktop\Extra downloaded programs\mirc 6.3 Gamma version\mirc63.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
H:\Documents and Settings\Virgil\Desktop\Extra downloaded programs\mirc 6.3 Gamma version\mirc63.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
H:\Documents and Settings\Virgil\Desktop\Extra downloaded programs\mirc 6.3 Gamma version\mirc63.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
H:\Documents and Settings\Virgil\Desktop\Extra downloaded programs\mirc 6.3 Gamma version\mirc63.exe NSIS: infected - 4 skipped
H:\Documents and Settings\Virgil\Desktop\VIRUS GOT FROM PATHS PC\new-picture-004.zip/new-picture-004.JPEG_www.facebook.com Infected: Backdoor.Win32.IRCBot.czj skipped
H:\Documents and Settings\Virgil\Desktop\VIRUS GOT FROM PATHS PC\new-picture-004.zip ZIP: infected - 1 skipped
H:\Documents and Settings\Virgil\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\Virgil\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\Virgil\Local Settings\Application Data\Mozilla\Firefox\Profiles\7sujyo4l.default\Cache\B012410Ed01 Object is locked skipped
H:\Documents and Settings\Virgil\Local Settings\Application Data\Mozilla\Firefox\Profiles\7sujyo4l.default\Cache\_CACHE_001_ Object is locked skipped
H:\Documents and Settings\Virgil\Local Settings\Application Data\Mozilla\Firefox\Profiles\7sujyo4l.default\Cache\_CACHE_002_ Object is locked skipped
H:\Documents and Settings\Virgil\Local Settings\Application Data\Mozilla\Firefox\Profiles\7sujyo4l.default\Cache\_CACHE_003_ Object is locked skipped
H:\Documents and Settings\Virgil\Local Settings\Application Data\Mozilla\Firefox\Profiles\7sujyo4l.default\Cache\_CACHE_MAP_ Object is locked skipped
H:\Documents and Settings\Virgil\Local Settings\History\History.IE5\index.dat Object is locked skipped
H:\Documents and Settings\Virgil\Local Settings\Temp\fb_1668.lck Object is locked skipped
H:\Documents and Settings\Virgil\Local Settings\Temp\fla27B.tmp Object is locked skipped
H:\Documents and Settings\Virgil\Local Settings\Temp\fla4A35.tmp Object is locked skipped
H:\Documents and Settings\Virgil\Local Settings\Temp\Perflib_Perfdata_684.dat Object is locked skipped
H:\Documents and Settings\Virgil\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\Documents and Settings\Virgil\ntuser.dat Object is locked skipped
H:\Documents and Settings\Virgil\ntuser.dat.LOG Object is locked skipped
H:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{669E0A01-7C57-4E9E-BFFB-DD097323BF28}\RP401\A0217464.exe Infected: not-a-virus:PSWTool.Win32.ProductKey.b skipped
H:\System Volume Information\_restore{669E0A01-7C57-4E9E-BFFB-DD097323BF28}\RP401\A0217657.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
H:\System Volume Information\_restore{669E0A01-7C57-4E9E-BFFB-DD097323BF28}\RP401\A0217657.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
H:\System Volume Information\_restore{669E0A01-7C57-4E9E-BFFB-DD097323BF28}\RP401\A0217657.exe NSIS: infected - 2 skipped
H:\System Volume Information\_restore{669E0A01-7C57-4E9E-BFFB-DD097323BF28}\RP448\change.log Object is locked skipped
H:\WINDOWS\CSC\00000001 Object is locked skipped
H:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
H:\WINDOWS\SchedLgU.Txt Object is locked skipped
H:\WINDOWS\SoftwareDistribution\EventCache\{B98806C7-3FE7-432B-9B99-9E13FDCA9266}.bin Object is locked skipped
H:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
H:\WINDOWS\Sti_Trace.log Object is locked skipped
H:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
H:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
H:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\default Object is locked skipped
H:\WINDOWS\system32\config\default.LOG Object is locked skipped
H:\WINDOWS\system32\config\Internet.evt Object is locked skipped
H:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
H:\WINDOWS\system32\config\OSession.evt Object is locked skipped
H:\WINDOWS\system32\config\SAM Object is locked skipped
H:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
H:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\SECURITY Object is locked skipped
H:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
H:\WINDOWS\system32\config\software Object is locked skipped
H:\WINDOWS\system32\config\software.LOG Object is locked skipped
H:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\system Object is locked skipped
H:\WINDOWS\system32\config\system.LOG Object is locked skipped
H:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
H:\WINDOWS\system32\h323log.txt Object is locked skipped
H:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
H:\WINDOWS\TEMP\fb_1584.lck Object is locked skipped
H:\WINDOWS\TEMP\Perflib_Perfdata_7c4.dat Object is locked skipped
H:\WINDOWS\wiadebug.log Object is locked skipped
H:\WINDOWS\wiaservc.log Object is locked skipped
H:\WINDOWS\WindowsUpdate.log Object is locked skipped
I:\hiberfil.sys Object is locked skipped
I:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
I:\System Volume Information\_restore{669E0A01-7C57-4E9E-BFFB-DD097323BF28}\RP448\change.log Object is locked skipped
I:\Users\virgil\Desktop\additional drivers programs for vista\mirc631.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
I:\Users\virgil\Desktop\additional drivers programs for vista\mirc631.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
I:\Users\virgil\Desktop\additional drivers programs for vista\mirc631.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
I:\Users\virgil\Desktop\additional drivers programs for vista\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
I:\Users\virgil\Desktop\additional drivers programs for vista\mirc631.exe NSIS: infected - 4 skipped
I:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Object is locked skipped
I:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl Object is locked skipped
I:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl Object is locked skipped
I:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl Object is locked skipped
I:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTNT Kernel Logger.etl Object is locked skipped

Scan process completed.

Edited by snake24, 22 May 2008 - 06:10 AM.

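The Kaspersky report above mixes three kinds of lines that deserve different treatment: "Object is locked skipped" entries (files the scanner could not open, so they are unscanned rather than infected), "not-a-virus:" hits on legitimate tools such as mIRC, ProduKey and the Reboot.exe bundled with SmitfraudFix (riskware, not an infection), and actual malware verdicts such as the Backdoor.Win32.IRCBot.czj inside the zip on the desktop. The Python below is an added example for triaging such a report; it is not part of the thread and is not Kaspersky's tooling. It sorts report lines into those buckets and reduces archive-member hits (the part after the first "/") to the on-disk file that would need action. The sample lines are constructed from the pasted report's format, and the line patterns are an assumption taken from this 5.0.98.0 report rather than from a documented specification.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Kaspersky Online Scanner 5.x report
# pasted in the thread (a few lines only, paths taken from that report).
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
D:\Users\virgile\Desktop\addtional programs\mirc621.exe NSIS: infected - 2 skipped
H:\Documents and Settings\Virgil\Desktop\VIRUS GOT FROM PATHS PC\new-picture-004.zip/new-picture-004.JPEG_www.facebook.com Infected: Backdoor.Win32.IRCBot.czj skipped
H:\Documents and Settings\Virgil\Desktop\VIRUS GOT FROM PATHS PC\new-picture-004.zip ZIP: infected - 1 skipped
H:\WINDOWS\system32\config\SAM Object is locked skipped

Scan process completed.
"""

# Line shapes observed in the pasted report (assumption: other scanner
# versions may format these differently).
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
CONTAINER_RE = re.compile(
    r"^(?P<path>.+?) (?P<kind>[A-Z0-9]+): infected - (?P<count>\d+) skipped$"
)

CATEGORIES = ("malware", "riskware", "container", "unscanned")


def classify(line):
    """Map one report line to (category, path, detail); None for non-entry lines."""
    m = LOCKED_RE.match(line)
    if m:
        # The scanner never opened the file: no verdict either way.
        return ("unscanned", m.group("path"), None)
    m = INFECTED_RE.match(line)
    if m:
        name = m.group("name")
        # Kaspersky prefixes riskware / potentially unwanted tools with "not-a-virus:".
        category = "riskware" if name.startswith("not-a-virus:") else "malware"
        return (category, m.group("path"), name)
    m = CONTAINER_RE.match(line)
    if m:
        # Archive-level summary; the member lines above it carry the real verdicts.
        detail = f"{m.group('kind')} archive with {m.group('count')} infected member(s)"
        return ("container", m.group("path"), detail)
    return None


def triage(report_text):
    """Group every entry line of a report by category."""
    findings = {c: [] for c in CATEGORIES}
    for raw in report_text.splitlines():
        result = classify(raw.strip())
        if result is not None:
            category, path, detail = result
            findings[category].append((path, detail))
    return findings


def on_disk_file(path):
    """Drop the archive-member suffix ('archive.zip/member') to get the file on disk."""
    return path.split("/", 1)[0]


def action_list(findings):
    """Distinct on-disk files that carry a real (non-riskware) detection."""
    return sorted({on_disk_file(path) for path, _ in findings["malware"]})


def summary(findings):
    """Counts per category, e.g. to sanity-check 'Number of infected objects'."""
    return Counter({c: len(v) for c, v in findings.items()})


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for category, entries in result.items():
        print(f"{category}: {len(entries)}")
    print("needs action:", action_list(result))
```

Run against the sample, the only file in the action list is the zip on the desktop, which matches the single deletion the helper asks for in the next post; the mIRC and ProduKey hits land in the riskware bucket and the registry hives and restore-point files land in the unscanned bucket. Locked files are worth a second look with an offline or boot-time scan, since "skipped" means no verdict at all, not a clean one.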

#20
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello.. It is good that you have a router; however, I still strongly recommend that you install a third-party firewall.. Below are some articles that you can read about Windows Firewall and third-party firewalls..

http://www.geekstogo...7874#entry27874

http://www.techduke....-one-is-better/

http://searchwindows...1022643,00.html


Now, lets do the following..


Using Windows Explorer, please delete the following file (if present): (To get into Windows Explorer, right click the START button and select "explore.")

H:\Documents and Settings\Virgil\Desktop\VIRUS GOT FROM PATHS PC\new-picture-004.zip




NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
  • It should have this icon next to it: [Posted Image]
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6


Please post a fresh HijackThis log in your next reply.. Please also tell us about your computer condition.. :)


Regards
fenzodahl512

#21
snake24

  • Topic Starter
  • Member
  • 16 posts
Hi, when I went to the Java site there was a beta version. I did not d/l that one, but should I?????

Deleted that file like you told me to. The last Kaspersky virus scan had like 6 viruses or something that it discovered, but I noticed it said the mIRC file was the virus and also there were some hidden volume files that it could not scan. Is there any problem???

As of now and since that day my PC has been behaving stably. Yet, you know, some websites like YouTube sometimes do not load up fully. Just the shell. On some sites too, when I use FF to surf, I am unable to post smilies in some forums, like I cannot click on them. Other than this my PC looks fine to me.


Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:11 PM, on 5/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
H:\Program Files\iolo\common\lib\ioloServiceManager.exe
H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Windows Live\Messenger\usnsvc.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\WINDOWS\system32\msiexec.exe
H:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe
H:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.10.150.116:35550
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSystemAnalyzer] "H:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "H:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = H:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185550855000
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1196543575515
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/...gradeVerify.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - H:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - H:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7165 bytes
  • 0
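To show what a helper looks for when reading a HijackThis log like the one above, here is an added Python triage script; it is not part of this thread or of HijackThis itself. It parses the "Oxx - ..." lines and flags three things worth a second look: O2/O3 browser add-ons marked "(no file)", O4 autoruns written as a bare executable name (resolved through the search path, so the file's location cannot be verified from the log), and O23 services with no publisher name. The sample lines are copied from the log above; the flags are prompts for manual review, not malware verdicts.

```python
import re

# Subset of the HijackThis log posted above (copied lines, not a full log).
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - H:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis finding starts with a section tag such as "O2 - ".
LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def parse(text):
    """Yield (section, body) for each 'Oxx - ...' line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def autorun_command(body):
    """Return the executable named in an O4 entry: 'HKLM\\..\\Run: [Name] cmd'."""
    cmd = body.split("] ", 1)[1] if "] " in body else body
    if cmd.startswith('"'):          # quoted full path, take what is inside the quotes
        return cmd.split('"')[1]
    return cmd.split()[0]            # first whitespace-separated token


def triage(text):
    """Return a list of (reason, entry) pairs that deserve a manual look."""
    findings = []
    for section, body in parse(text):
        if section in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(("orphaned browser add-on (no file on disk)", body))
        elif section == "O4" and "\\" not in autorun_command(body):
            findings.append(("autorun with unqualified path, resolved via search path", body))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(("service without a publisher name", body))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"[{reason}] {entry}")
```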

#22
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello snake, thanks for the reply. As for those mIRC entries, what Kaspersky finds is a false positive.

About your internet surfing problem, I believe it is not related to malware. Please feel free to ask for further assistance at our Web Browsers and Email forum.


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed





NEXT


Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




NEXT


I noticed you already have MalwareBytes' Anti-Malware and Spybot S&D as your antispyware.


I haven't seen any antivirus in your logs. Did you uninstall your AVG8 previously? If so, please install ONLY ONE of these free and excellent antivirus programs below:


I also haven't seen any third-party firewall in your logs. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewalls below:
After you install the third-party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose the Off (not recommended) option. Then please click Apply and OK.


And now, to help protect your computer in the future I would like to recommend the following free programs. Please do remember to use only ONE "Real-Time Protection" program for EACH of Antivirus, AntiSpyware and Firewall.
  • SpywareBlaster 4.0 to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?

Please also read an excellent article by miekiemoes: Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)


Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#23
snake24

snake24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
HI thanks.

I uninstalled combofix and used the program to remove the temp files etc etc from my browser and the pc. My system mechanic constantly removes temp files from my pc so it does not slow down. I noticed that your last post to me was about simple upkeep of the pc. Rest assured i constantly do housekeeping of my pc. I am thinking of which anti virus, firewall etc etc to select.


My pc behavior has been the same as of late. That means tea timer does not ask me to change any registries u know stuff like that etc etc.


Do u need me to post a hijack this log?????????
  • 0

#24
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

Do u need me to post a hijack this log?????????



Errmm, it seems you do not have any more problems with your computer, so I think not, we don't need one :)

But if you have any more problems with your computer, please tell us.. :)

Edited by fenzodahl512, 23 May 2008 - 10:51 PM.

  • 0

#25
snake24

snake24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
HI thanks a lot for the help. Appreciated. Thanks for the spyware, anti-virus and firewall recommendations. Will select 1 of each.


Yes will report it in future if my pc has any problems. Thanks for taking out the time and effort to go through each of the logs i post here.

Regards.
  • 0


#26
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
