Hijack this log Help please



#16
Wizard

  • Retired Staff
  • 5,661 posts
I still can't believe I missed that!

I must be slipping!!!

Looks a lot better, any improvements?
  • 0



#17
joechess99

  • Topic Starter
  • Member
  • 18 posts
Hi Cretemonster
I have not tested shutting it down yet and rebooting, will do in the morning.
One thing though, I just did an AntiVir XP search and it came back with this message at the end: "Viruses and/or unwanted program were found in one or more archives, Infected files in archives will not be detected or repaired."
Here is the AntiVir log
cheers
joechess99


Creation date of the report file: 23 July 2005 00:11

AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1047 vom 07.06.2005
Mainprogram 6.31.00.03 of 10.05.2005
VDF file 6.31.1.13 (0) of 22.07.2005


This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.hbedv.com.


Scanning for 195478 virus strains and unwanted programs.

Licensed for: AntiVir Personal Edition
Serial number: 0000149996-WURGE-0001

Please enter the workstation and
contact name with phone number in this form:

Name ___________________________________________

Street ___________________________________________

Town ___________________________________________

Phone/Fax ___________________________________________

Email ___________________________________________

Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 (Service Pack 2)
Username: Joe
Processor: Pentium
Working memory: 490992 KB free

Version information:
AVWIN.DLL : 6.31.00.03 561192 07.06.2005 11:34:48
AVEWIN32.DLL : 6.31.1.0 823808 21.07.2005 14:43:36
AVGNT.EXE : 6.31.00.01 168039 07.06.2005 11:34:48
AVGUARD.EXE : 6.31.00.01 238120 07.06.2005 11:34:48
GUARDMSG.DLL : 6.30.00.02 94248 07.06.2005 11:34:48
AVGCMSG.DLL : 6.31.00.00 295029 07.06.2005 11:34:48
AVGNTDW.SYS : 6.31.00.01 32896 07.06.2005 11:34:48
AVPACK32.DLL : 6.31.00.03 323664 07.06.2005 11:34:48
AVGETVER.DLL : 6.30.00.00 24576 07.06.2005 11:34:48
AVWIN.DLL : 6.31.00.03 561192 07.06.2005 11:34:48
AVSHLEXT.DLL : 6.30.00.01 40960 07.06.2005 11:34:48
AVSched32.EXE : 6.30.00.00 110632 07.06.2005 11:34:48
AVSched32.DLL : 6.30.00.00 122880 07.06.2005 11:34:48
AVREG.DLL : 6.30.00.03 41000 07.06.2005 11:34:48
AVRep.DLL : 6.31.01.10 1245224 23.07.2005 00:10:38
INETUPD.EXE : 6.31.00.02 249915 07.06.2005 11:34:50
INETUPD.DLL : 6.31.00.02 143360 07.06.2005 11:34:48
CTL3D32.DLL : 2.31.000 27136 07.07.2003 13:00:00
MFC42.DLL : 6.02.4131.0 1028096 04.08.2004 08:56:42
MSVCRT.DLL : 7.0.2600.2180 (xpsp_sp2_rtm.0408
MSVCRT.DLL : 7.0.2600.2180 343040 04.08.2004 08:56:44
CTL3DV2.DLL : No information

Configuration file:

Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI
Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
Start path: C:\Program Files\AVPersonal
Command line:
Start mode: unknown

Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report

Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information

Abridge report file:
[ ] Abridge report file

Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged

Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100

Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[ ] All files
[X] Program files
Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm

Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore

Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date

Drag&drop settings:
[X] Scan subdirectories

Profile settings:
[X] Scan subdirectories

Archive options
[X] Search archive
[X] All archive types

Miscellaneous options:
Temporary path: %TEMP% -> C:\Program Files\AVPersonal\BUILD.DAT
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[X] Load AVWin®/NT Guard on System start

General settings:
[X] Save options on exiting AntiVir
Priority: medium

Drives:
A: Floppy drive
C: Hard disk
D: CD-ROM

Start of scan: 23 July 2005 00:11

Memory test OK
Master boot record of hard disk HD0 OK
Boot record of drive C: OK


C:\
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery
AlexaRelated.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DyFuCA.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DyFuCA1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechPowerScan.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
C:\Documents and Settings\Joe\Favorites
? drivermagic.com what others have said.url
Access denied! Error during file opening!
Error code: 0x0016
WARNING! Access error/file locked!
C:\RECYCLER\S-1-5-21-1801674531-1957994488-1060284298-1003
Dc3.exe
ArchiveType: RAR SFX (self extracting)
--> myurlsagain.exe
ArchiveType: RAR SFX (self extracting)
--> Joystick News.url
[DETECTION] Is the Trojan horse TR/Clicker.JS.L.J.1
C:\RECYCLER\S-1-5-21-1801674531-1957994488-1060284298-1003\Dc4\setup
myurlsagain.exe
ArchiveType: RAR SFX (self extracting)
--> Joystick News.url
[DETECTION] Is the Trojan horse TR/Clicker.JS.L.J.1
Error! Could not change directory: System Volume Information
C:\WINDOWS\SoftwareDistribution\EventCache
{63DB9C6C-0342-4D27-BD95-B47E8F34185E}.bin
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\system32
srvany.exe
The file contains signature of the SPR/Tool.SRunner.C4 program and was suppressed by the user.
C:\WINDOWS\system32\config
default
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8FH32Z9A
hisistheurls[1].exe
ArchiveType: RAR SFX (self extracting)
--> myurlsagain.exe
ArchiveType: RAR SFX (self extracting)
--> Joystick News.url
[DETECTION] Is the Trojan horse TR/Clicker.JS.L.J.1

End of scan: 23 July 2005 01:07
Time taken: 55:36 min


3330 directories were scanned
33238 files were scanned
8 warning messages were issued
0 files were deleted
0 files were repaired
3 detections
  • 0
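All three detections in the report above sit inside nested self-extracting archives. As an added example (not part of the original posts and not AntiVir's own tooling), this Python sketch rebuilds each detection's container chain from the flattened report text and tags the folder it lives in; the names `area`, `detections` and `NOISE` are hypothetical, and nesting is inferred from line order because the page has lost the report's indentation.

```python
import re

# Excerpt copied from the AntiVir report posted above. The page has lost the
# report's indentation, so nesting is inferred from line order (assumption).
REPORT = r"""C:\RECYCLER\S-1-5-21-1801674531-1957994488-1060284298-1003
Dc3.exe
ArchiveType: RAR SFX (self extracting)
--> myurlsagain.exe
ArchiveType: RAR SFX (self extracting)
--> Joystick News.url
[DETECTION] Is the Trojan horse TR/Clicker.JS.L.J.1
C:\RECYCLER\S-1-5-21-1801674531-1957994488-1060284298-1003\Dc4\setup
myurlsagain.exe
ArchiveType: RAR SFX (self extracting)
--> Joystick News.url
[DETECTION] Is the Trojan horse TR/Clicker.JS.L.J.1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8FH32Z9A
hisistheurls[1].exe
ArchiveType: RAR SFX (self extracting)
--> myurlsagain.exe
ArchiveType: RAR SFX (self extracting)
--> Joystick News.url
[DETECTION] Is the Trojan horse TR/Clicker.JS.L.J.1
"""

NOISE = ("Access denied!", "Error", "WARNING!", "NOTE!", "This ", "The file ")

def area(directory):
    """Map a directory to the cleanup step that covers it (hypothetical helper)."""
    if "\\recycler" in directory.lower():
        return "Recycle Bin"
    if "\\temporary internet files" in directory.lower():
        return "Temporary Internet Files"
    return "other"

def detections(report):
    """Return (area, directory, container chain, signature) per [DETECTION]."""
    found, directory, chain, in_archive = [], "", [], False
    for line in (l.strip() for l in report.splitlines() if l.strip()):
        if re.match(r"[A-Za-z]:\\", line):          # new directory header
            directory, chain = line, []
        elif line.startswith("ArchiveType:"):       # previous item is a container
            in_archive = True
        elif line.startswith("-->"):                # archive member
            member = line[3:].strip()
            if not in_archive and len(chain) > 1:
                chain.pop()                         # sibling replaces last member
            chain.append(member)
            in_archive = False
        elif line.startswith("[DETECTION]"):
            found.append((area(directory), directory, tuple(chain), line.split()[-1]))
        elif not line.startswith(NOISE):            # plain file name on disk
            chain, in_archive = [line], False
    return found
```

On this excerpt every detection resolves to either the Recycle Bin or Temporary Internet Files, the two locations the next reply cleans out.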

#18
Wizard

  • Retired Staff
  • 5,661 posts
OK, let's take care of the Recycle Bin first

Go to a Command Prompt:
Start -> Run -> type Cmd and hit OK
At the prompt, type the following bold commands:
(note the spaces!!)

cd\ -> hit Enter

attrib -h -s c:\recycler -> Enter

del c:\recycler -> Enter

Exit Command Prompt!


For the Temporary File

CCleaner:
http://www.filehippo...d_ccleaner.html

Open and Click "Run Cleaner"-> Let it do its thing!

I don't suggest using any of the other options, they seem to cause more problems than it's worth!


Disable System Restore
http://service1.syma...src=sec_doc_nam

Restart the PC and Install this

SpywareBlaster:
http://www.javacools...areblaster.html
Update immediately!


Have the PC scanned here
http://www.ravantivirus.com/scan/


Post back with any results from the Scan and let me know how the PC is running?
  • 0

#19
joechess99

  • Topic Starter
  • Member
  • 18 posts
Hi
It froze again 3 times this morning.
I am about to do the things you suggested.
I already have spyblaster installed and updated, will try what you said and post back the log etc.
The first boot this morning I checked my e-mails, then went on here, and after about 2 mins it froze.
The second time everything was OK again, but after about 5 mins it froze while I was trying to reply to you, and again while I was typing to reply to you it froze again. I have rebooted for the 3rd time and it seems OK now as I have been on for over 10 mins!!! and I have managed to type this to you etc
cheers
Joe
  • 0

#20
Wizard

  • Retired Staff
  • 5,661 posts
Let's run this program too!

UnHackMe
http://www.greatis.c...me/download.htm

I will feel much more comfortable when that is run!
  • 0

#21
joechess99

  • Topic Starter
  • Member
  • 18 posts
Hi
It froze while I was doing a http://www.ravantivirus.com/scan/
I rebooted and did it again, this time OK. I also did all the things you said, i.e. the commands etc., and the clean. I also downloaded UnHackMe and it came back with that's all right, no trojans found.
Here is a new HijackThis log, and the ravantivirus log and UnHackMe etc.
What is going on man, can the freeze problem be solved? I am convinced it is not a hardware problem!!
cheers
Joe

ravantivirus log

Scanned
============================
Objects: 32993
Directories: 3321
Archives: 846
Size(Kb): -1742329
Infected files: 0

Found
============================
Viruses found: 0
Suspicious files: 0
Disinfected files: 0
Mail files: 574


unhack me

No trojans found

Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 13:27:21, on 23/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
  • 0

#22
Wizard

  • Retired Staff
  • 5,661 posts
Does it do this when you go to Safe Mode?
  • 0

#23
joechess99

  • Topic Starter
  • Member
  • 18 posts
It has done in the past, i.e. froze in safe mode,
although I haven't tried booting up from safe mode since all the stuff that has been done on it, but it defo done it in the past, i.e. froze after a while in safe mode. I will turn the PC off for a while then reboot in safe mode to see if it still freezes
cheers
Joe
  • 0

#24
joechess99

  • Topic Starter
  • Member
  • 18 posts
Hellllllllllllpppppppppppppppp
I tried to boot up in safe mode with Network, crashed immediately, then tried without network, again crashed!!!
Then I didn't even get my beep on POST as normal, it took me 4 times to get to the desktop, then froze again,
so I checked the IDE cables etc., all was fine,
so I booted up again as normal, again crashed, and this time the screen just went off!!!!
So I booted up again and so far so good as I am writing this to you.
What do you think is going on?
cheers
Joe
  • 0

#25
Wizard

  • Retired Staff
  • 5,661 posts
I haven't a clue what is going on!
  • 0



#26
joechess99

  • Topic Starter
  • Member
  • 18 posts
Hi. When you asked me does it boot into safe mode without freezing,
I tried, it still freezes. I also had a prob with boot up as it wasn't doing the first beep before it boots up etc. It has been on now for over 5 hours without a problem. It seems when I turn it off then boot up again a few hours later it takes about 4 or 5 boots to stop freezing. Any ideas?
cheers
Joe
  • 0

#27
Wizard

  • Retired Staff
  • 5,661 posts
Do you have the original Windows CD?
  • 0

#28
joechess99

  • Topic Starter
  • Member
  • 18 posts
Well, a copy of XP Pro.
Why?
  • 0

#29
Wizard

  • Retired Staff
  • 5,661 posts
Pop that CD into the CD-ROM drive

Click Start>>Run>>Type in CMD and Click OK!

Type "SFC /purgecache" and click enter!
This will force Windows to purge its DLL cache and repopulate with clean system files!

Type "SFC /Enable" and click enter!
This will make sure that your OS has its System File Checker enabled!

Type "SFC /scannow" and click enter!
This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem!


See if that will fix any damaged system files!
  • 0

#30
joechess99

  • Topic Starter
  • Member
  • 18 posts
Hi, how long does this take?
I did the commands etc.,
then the blue bar slowly dragged across the bar, after repeatedly asking me to please insert Win XP disk and retry etc., the blue bar finishing, i.e. scanning files, then it just went, and all I can see is the black box now. JUST AFTER
joe sfc / scannow
is just Documents and settings\joe and the cursor FLASHING. HAS IT FINISHED OR IS IT STILL LOADING FILES ETC?
I am confused!
Joe
  • 0





