Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

is this log clean?


  • Please log in to reply

#1
inite

inite

    Member

  • Member
  • PipPipPip
  • 409 posts
Logfile of HijackThis v1.99.0
Scan saved at 6:23:35 PM, on 1/27/2005
Platform: Windows XP SP2, v.2055 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2055)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\User X\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100382220755
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunboun...Crypt/npkcx.cab
O23 - Service: AVG6 Service - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



ty :tazz:
  • 0

Advertisements


#2
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi inite


1) You may wish to print out a copy of these instructions to follow while you complete this procedure.

2) Be sure you're able to view hidden files,

3) Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunboun...Crypt/npkcx.cab


3) Reboot your PC.

4) Please run a free online virus scan here.(tick the "Auto Clean" checkbox):

5)Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and we'll remove what's left.

kc :tazz:
  • 0

#3
inite

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
sure, i'll do that in a few hours i guess.. currently cant get d/c, doing something really important... will post back later, ty =)
  • 0

#4
inite

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
Logfile of HijackThis v1.99.0
Scan saved at 9:22:29 AM, on 1/29/2005
Platform: Windows XP SP2, v.2055 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2055)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\User X\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100382220755
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: AVG6 Service - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



there we go, how is it?
  • 0

#5
inite

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
bump plz
  • 0

#6
Guest_thatman_*

Guest_thatman_*
  • Guest
Congratulations! Your system is CLEAN :tazz:

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here
QUOTE
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here http://windowsupdate.microsoft.com/ to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox user posted image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. ;)
  • 0

#7
inite

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
thx man.. thats really helpful

but i do have a problem...

"It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here http://windowsupdate.microsoft.com/ to make sure that you have the latest patches for Windows."

i have another pc, and when i updated it from there, one of the windows crashed... becos right after my comp starts, it gives me 2 options, both being win xp... just incase one of them crash, i've a back up.. thats the case... it crashed and i was told i had to manually insert explorer file? (not too sure regarding the file)

im pretty afraid if this happens to this comp again... any idea how that crash happened? and has it been fixed? i heard it has something to do with service pack 2?

thx =)
  • 0

#8
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi inite

Using IExplorer, Click tools, Click Windows Update

kc :tazz:
  • 0

#9
inite

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
ya, i know i can update from there... but my worry is the crash... i have an experience like 6 months back? updated from windowsupdate and then it crashed and i had to reformat the comp.. from then on i've not attempted to update my comp...

could it happen again? seems like service pack 2 is the culprit. and also, should i update everything there?
  • 0

#10
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi mate

The way I have update to XP_SP2 was a clean install Had the XP2 CD unpluged my cable from computer so no internet connection, installed my Firewall then my virus software, did not have any problems

No other updates IE SP1, SP1a

kc :tazz:
  • 0

#11
inite

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
hmmm, does that mean i shouldnt install from the windowsupdate? and i should just install manually? sorry but i dont quite understand there =)
  • 0

#12
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi inite

All my main programs and files are backed up on to a DVD-CD.

I have the windows XP-SP2 CD

I formated my hard drive.

Disconnected the cable to my PC for my broadband.

Installed XP clean install with no Windows updates.

Then updated with the XP-SP2 CD-ROM.

Installed my firewall and my antivirus software.

Turned off the power to my Pc.

Connected the cable back to the PC then turned on the power and booted up my pc.

If you do not have the XP-SP2 CD I believe you can get Microsoft to post it to you
will try to find the link for this if you need it

kc :tazz:
  • 0

#13
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi inite

Order XP-SP2 CD
http://www.microsoft...us/default.mspx

Here are some pointers and How To's:

Installing WinXP SP2
http://support.micro...xpsp2getinstall

Are You Ready for WinXP SP2?
http://www.microsoft...preinstall.mspx

What to Know Before Downloading/Installing SP2
http://www.microsoft...whattoknow.mspx

Installing SP2 Step-by-Step
http://support.micro...t.aspx?scid=fh;[ln];xpsp2insthowto

Troubleshooting Your Installation
http://support.micro...t.aspx?scid=fh;[ln];xpsp2insttshoot

WinXP SP2 FAQ: What to do after installing SP2
http://support.micro...;xpsp2installed

Service Pack (any) Installation Checklist (MVP Jupiter Jones)
http://www3.telus.ne...ar/spackins.htm

WinXP SP2-specific Page (MVP Jupiter Jones)
http://www3.telus.ne...demar/xpsp2.htm


kc :tazz:
  • 0

#14
inite

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
thx alot man! i'll try when i get home... and post back ...thx =)
  • 0

#15
inite

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
hmm, i just realised u actually explained installation of sp 2? sorry if i made things complicated, but wad i was referring to earlier was that my other comp crashed while windowsupdating on critical updates... and i was told that service pack 2 crashes with some of the critical updates...

so im pretty unsure if i should install those critical updates still as i have service pack 2 right now =)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP