Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

is this log clean?

Started by inite , Jan 27 2005 04:23 AM

Please log in to reply

#1
inite

Posted 27 January 2005 - 04:23 AM

Member

Member
409 posts

Logfile of HijackThis v1.99.0
Scan saved at 6:23:35 PM, on 1/27/2005
Platform: Windows XP SP2, v.2055 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2055)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\User X\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100382220755
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunboun...Crypt/npkcx.cab
O23 - Service: AVG6 Service - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ty :tazz:

#2
Guest_thatman_*

Posted 27 January 2005 - 04:46 AM

Guest

Hi inite

1) You may wish to print out a copy of these instructions to follow while you complete this procedure.

2) Be sure you're able to view hidden files,

3) Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunboun...Crypt/npkcx.cab

3) Reboot your PC.

4) Please run a free online virus scan here.(tick the "Auto Clean" checkbox):

5)Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and we'll remove what's left.

kc :tazz:

#3
inite

Posted 27 January 2005 - 09:07 AM

Member

Topic Starter
Member
409 posts

sure, i'll do that in a few hours i guess.. currently cant get d/c, doing something really important... will post back later, ty =)

#4
inite

Posted 28 January 2005 - 07:22 PM

Member

Topic Starter
Member
409 posts

Logfile of HijackThis v1.99.0
Scan saved at 9:22:29 AM, on 1/29/2005
Platform: Windows XP SP2, v.2055 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2055)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\User X\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100382220755
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: AVG6 Service - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

there we go, how is it?

#5
inite

Posted 29 January 2005 - 11:19 PM

Member

Topic Starter
Member
409 posts

bump plz

#6
Guest_thatman_*

Posted 31 January 2005 - 03:53 AM

Guest

Congratulations! Your system is CLEAN :tazz:

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here
QUOTE
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here http://windowsupdate.microsoft.com/ to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox user posted image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats.

#7
inite

Posted 31 January 2005 - 06:55 AM

Member

Topic Starter
Member
409 posts

thx man.. thats really helpful

but i do have a problem...

"It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here http://windowsupdate.microsoft.com/ to make sure that you have the latest patches for Windows."

i have another pc, and when i updated it from there, one of the windows crashed... becos right after my comp starts, it gives me 2 options, both being win xp... just incase one of them crash, i've a back up.. thats the case... it crashed and i was told i had to manually insert explorer file? (not too sure regarding the file)

im pretty afraid if this happens to this comp again... any idea how that crash happened? and has it been fixed? i heard it has something to do with service pack 2?

thx =)

#8
Guest_thatman_*

Posted 31 January 2005 - 07:15 AM

Guest

Hi inite

Using IExplorer, Click tools, Click Windows Update

kc :tazz:

#9
inite

Posted 01 February 2005 - 04:11 PM

Member

Topic Starter
Member
409 posts

ya, i know i can update from there... but my worry is the crash... i have an experience like 6 months back? updated from windowsupdate and then it crashed and i had to reformat the comp.. from then on i've not attempted to update my comp...

could it happen again? seems like service pack 2 is the culprit. and also, should i update everything there?

#10
Guest_thatman_*

Posted 01 February 2005 - 04:43 PM

Guest

Hi mate

The way I have update to XP_SP2 was a clean install Had the XP2 CD unpluged my cable from computer so no internet connection, installed my Firewall then my virus software, did not have any problems

No other updates IE SP1, SP1a

kc :tazz:

#11
inite

Posted 02 February 2005 - 07:35 AM

Member

Topic Starter
Member
409 posts

hmmm, does that mean i shouldnt install from the windowsupdate? and i should just install manually? sorry but i dont quite understand there =)

#12
Guest_thatman_*

Posted 02 February 2005 - 10:06 AM

Guest

Hi inite

All my main programs and files are backed up on to a DVD-CD.

I have the windows XP-SP2 CD

I formated my hard drive.

Disconnected the cable to my PC for my broadband.

Installed XP clean install with no Windows updates.

Then updated with the XP-SP2 CD-ROM.

Installed my firewall and my antivirus software.

Turned off the power to my Pc.

Connected the cable back to the PC then turned on the power and booted up my pc.

If you do not have the XP-SP2 CD I believe you can get Microsoft to post it to you
will try to find the link for this if you need it

kc :tazz:

#13
Guest_thatman_*

Posted 02 February 2005 - 01:52 PM

Guest

Hi inite

Order XP-SP2 CD
http://www.microsoft...us/default.mspx

Here are some pointers and How To's:

Installing WinXP SP2
http://support.micro...xpsp2getinstall

Are You Ready for WinXP SP2?
http://www.microsoft...preinstall.mspx

What to Know Before Downloading/Installing SP2
http://www.microsoft...whattoknow.mspx

Installing SP2 Step-by-Step
http://support.micro...t.aspx?scid=fh;[ln];xpsp2insthowto

Troubleshooting Your Installation
http://support.micro...t.aspx?scid=fh;[ln];xpsp2insttshoot

WinXP SP2 FAQ: What to do after installing SP2
http://support.micro...;xpsp2installed

Service Pack (any) Installation Checklist (MVP Jupiter Jones)
http://www3.telus.ne...ar/spackins.htm

WinXP SP2-specific Page (MVP Jupiter Jones)
http://www3.telus.ne...demar/xpsp2.htm

kc :tazz:

#14
inite

Posted 02 February 2005 - 07:36 PM

Member

Topic Starter
Member
409 posts

thx alot man! i'll try when i get home... and post back ...thx =)

#15
inite

Posted 03 February 2005 - 06:46 AM

Member

Topic Starter
Member
409 posts

hmm, i just realised u actually explained installation of sp 2? sorry if i made things complicated, but wad i was referring to earlier was that my other comp crashed while windowsupdating on critical updates... and i was told that service pack 2 crashes with some of the critical updates...

so im pretty unsure if i should install those critical updates still as i have service pack 2 right now =)