can someone look over my hijack this log for anything bad? |
ltdanman44:
THANKS ANY WHO CAN HELP!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:17 AM, on 02/01/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Dan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\sstqo.exe
O1 - Hosts: 87.106.166.63 www.winmx.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E3F888F-96D7-4A1B-8514-8991264E8B7D} (iSite 3D Renderer Class) - http://www.pc.gc.ca/apps/dci/source/bin/iS3DCtrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113352044749
O16 - DPF: {821C0E13-32A6-4D85-A62C-C85338C03299} - http://download2.nba.com/Cabs/NBA_1_0_0_2.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://download2.nba.com/Cabs/Entriq_3_6_0_15_Silent.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5775 bytes |
ltdanman44:
SUPERANTISPYWARE SAYS I HAVE TROJAN.WINFIXER. Every time I tell it to remove it and reboot, it comes back. Help! |
FreewheelinFrank:
Try scans with these specialist tools:
http://www.malwarebytes.org/rogueremover.php
http://siri.geekstogo.com/SmitfraudFix.php
And a couple of general anti-spyware scanners:
AVG Anti-Spyware Free
Spybot Search & Destroy |
TedNelly:
Suggest installing/using a firewall. Windows firewall is better than none!
Comodo: Comodo™ Free Firewall Software Download
ZoneAlarm: Download ZoneAlarm Free 7.0.462.0 from filehippo.com |
Lisandro:
Besides what has already been suggested, why don't you try:
1. Disable System Restore and re-enable it after step 3.
2. Clean your temporary files.
3. Schedule a boot-time scan with avast with archive scanning turned on.
4. Use SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
5. Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector. |