PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Resolved] Hijackthis log-any advice?
#1
Old 11-25-2006
phildigger
Bronze Member
Join Date: Nov 2006
Posts: 10
[Resolved] Hijackthis log-any advice?

Hi peeps, last week my daughter accidentally (or so she tells me) clicked on a link whilst using MSN. After running various online scanners, my installed version of Panda AV, Spybot and Ad-Aware, things are a lot better, but I'm still not 100% certain that everything's gone.

Here are the logs for AVG, Spy Sweeper and HijackThis; any advice would be most appreciated. Sorry about the length of the Spy Sweeper log, but I've run this a few times now and it always seems to save to the same log file.

Thanks in advance


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 19:41:25 25/11/2006
+ Scan result:

C:\System Volume Information\_restore{2B9EA4A3-06D3-48F9-B8D0-5A3844386EE4}\RP298\A0096815.exe -> Worm.VB.ar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2B9EA4A3-06D3-48F9-B8D0-5A3844386EE4}\RP298\A0096816.exe -> Worm.VB.ar : Cleaned with backup (quarantined).

::Report end

The Spy Sweeper log:


17:37: Traces Found: 2
17:37: Custom Sweep has completed. Elapsed time 00:29:22
17:37: File Sweep Complete, Elapsed Time: 00:28:17
17:30: euro dance club mixes #5 - rockell - the dance (hex dez club mix) - (download if you like any techno, rave, trance, remix, dj stuff or webster hall) 1.mp3 (ID = 0)
17:30: dj twocan - everytime we touch my humps new monkey mc stompin natz dance techno rave happy hardcore bonkers dj besty cammy zitkus gillies fatcat.mp3 (ID = 0)
17:30: Found System Monitor: potentially rootkit-masked files
17:30: Warning: Failed to access drive D:
17:09: Starting File Sweep
17:09: Warning: Failed to access drive A:
17:09: Cookie Sweep Complete, Elapsed Time: 00:00:00
17:09: Starting Cookie Sweep
17:09: Registry Sweep Complete, Elapsed Time:00:00:14
17:09: Starting Registry Sweep
17:09: Memory Sweep Complete, Elapsed Time: 00:00:44
17:08: Starting Memory Sweep
17:08: Warning: Files are not scanned for viruses because AV engine failed to load.
17:08: Sweep initiated using definitions version 808
17:08: Spy Sweeper 5.2.3.2125 started
17:08: | Start of Session, 25 November 2006 |
********
17:08: | End of Session, 25 November 2006 |
17:07: Program Version 5.2.3.2125 Using Spyware Definitions 808
17:07: Warning: Virus definitions files are invalid, please update your virus definitions. 220
16:08: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
16:05: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
16:04: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
16:04: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
16:04: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
16:03: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
15:52: Your definitions are up to date.
Operation: File Access
Target:
Source: C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS 2007\AVTASK.EXE
14:24: Tamper Detection
09:05: The Internet Communication shield has blocked access to: SEARCHPORTAL.INFORMATION.COM
09:05: The Internet Communication shield has blocked access to: SEARCHPORTAL.INFORMATION.COM
09:05: The Internet Communication shield has blocked access to: SEARCHPORTAL.INFORMATION.COM
09:05: The Internet Communication shield has blocked access to: SEARCHPORTAL.INFORMATION.COM
00:29: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\1392[3].ssq". The process cannot access the file because it is being used by another process
00:29: Spy Installation Shield: found: Adware: targetsaver, version 1.0.0.0
00:29: Spy Installation Shield: found: Adware: targetsaver, version 1.0.0.0
Operation: File Access
Target:
Source: C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS 2007\AVTASK.EXE
14:47: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
00:26: Shield States
00:26: Spyware Definitions: 808
00:26: Warning: Virus definitions files are invalid, please update your virus definitions. 220
00:26: Spy Sweeper 5.2.3.2125 started
23:01: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
23:00: Download has been canceled at your request.
23:00: Download has been canceled at your request.
23:00: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
22:58: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
22:53: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
22:51: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
22:47: Shield States
22:47: Warning: Virus definitions files are invalid, please update your virus definitions. 220
22:47: Spyware Definitions: 808
22:47: Spy Sweeper 5.2.3.2125 started
22:12: | End of Session, 23 November 2006 |
22:12: Program Version 5.2.3.2125 Using Spyware Definitions 808
22:12: Warning: Virus definitions files are invalid, please update your virus definitions. 220
Operation: Terminate
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
Source: C:\WINDOWS\system32\csrss.exe
22:09: Tamper Detection
Operation: Terminate
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
Source: C:\WINDOWS\system32\csrss.exe
22:09: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
22:09: Shield States
22:09: Spyware Definitions: 808
22:09: Warning: Virus definitions files are invalid, please update your virus definitions. 220
22:08: Spy Sweeper 5.2.3.2125 started
21:33: | End of Session, 23 November 2006 |
21:32: Program Version 5.2.3.2125 Using Spyware Definitions 808
21:32: Warning: Virus definitions files are invalid, please update your virus definitions. 220
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
21:25: Shield States
21:25: Spyware Definitions: 808
21:25: Warning: Virus definitions files are invalid, please update your virus definitions. 220
21:25: Spy Sweeper 5.2.3.2125 started
20:55: Your definitions are up to date.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
20:35: Shield States
20:34: Warning: Virus definitions files are invalid, please update your virus definitions. 220
20:34: Spyware Definitions: 790
20:34: Spy Sweeper 5.2.3.2125 started
20:34: Spy Sweeper 5.2.3.2125 started
20:34: | Start of Session, 23 November 2006 |
********
22:07: Removal process completed. Elapsed time 00:01:09
22:07: Preparing to restart your computer. Please wait...
22:07: euro dance club mixes #5 - rockell - the dance (hex dez club mix) - (download if you like any techno, rave, trance, remix, dj stuff or webster hall) 1.mp3 is in use. It will be removed on reboot.
22:07: dj twocan - everytime we touch my humps new monkey mc stompin natz dance techno rave happy hardcore bonkers dj besty cammy zitkus gillies fatcat.mp3 is in use. It will be removed on reboot.
22:07: potentially rootkit-masked files is in use. It will be removed on reboot.
22:06: Quarantining All Traces: potentially rootkit-masked files
22:06: Quarantining All Traces: zquest
22:06: Quarantining All Traces: targetsaver
22:06: Quarantining All Traces: enhance cookie
22:06: Removal process initiated
22:02: Traces Found: 7
22:02: Custom Sweep has completed. Elapsed time 00:29:27
22:02: File Sweep Complete, Elapsed Time: 00:28:21
22:01: Warning: Stream read error
22:01: Warning: Stream read error
22:01: Warning: Stream read error
21:53: euro dance club mixes #5 - rockell - the dance (hex dez club mix) - (download if you like any techno, rave, trance, remix, dj stuff or webster hall) 1.mp3 (ID = 0)
21:53: dj twocan - everytime we touch my humps new monkey mc stompin natz dance techno rave happy hardcore bonkers dj besty cammy zitkus gillies fatcat.mp3 (ID = 0)
21:53: Found System Monitor: potentially rootkit-masked files
21:53: Warning: Failed to access drive D:
21:53: howejezuq (ID = 329519)
21:51: mc.exe (ID = 403205)
21:51: ay.exe (ID = 403199)
21:51: Found Adware: zquest
21:48: mc.exe (ID = 403205)
21:48: Found Adware: targetsaver
21:34: Starting File Sweep
21:34: Warning: Failed to access drive A:
21:34: Cookie Sweep Complete, Elapsed Time: 00:00:00
21:34: system@enhance[2].txt (ID = 2613)
21:34: Found Spy Cookie: enhance cookie
21:34: Starting Cookie Sweep
21:34: Registry Sweep Complete, Elapsed Time:00:00:16
21:33: Starting Registry Sweep
21:33: Memory Sweep Complete, Elapsed Time: 00:00:41
21:33: Starting Memory Sweep
21:33: Warning: Files are not scanned for viruses because AV engine failed to load.
21:33: Sweep initiated using definitions version 808
21:33: Spy Sweeper 5.2.3.2125 started
21:33: | Start of Session, 23 November 2006 |
********
22:41: Traces Found: 2
22:41: Custom Sweep has completed. Elapsed time 00:28:50
22:41: File Sweep Complete, Elapsed Time: 00:27:44
22:34: euro dance club mixes #5 - rockell - the dance (hex dez club mix) - (download if you like any techno, rave, trance, remix, dj stuff or webster hall) 1.mp3 (ID = 0)
22:34: dj twocan - everytime we touch my humps new monkey mc stompin natz dance techno rave happy hardcore bonkers dj besty cammy zitkus gillies fatcat.mp3 (ID = 0)
22:34: Found System Monitor: potentially rootkit-masked files
22:34: Warning: Failed to access drive D:
22:13: Starting File Sweep
22:13: Warning: Failed to access drive A:
22:13: Cookie Sweep Complete, Elapsed Time: 00:00:00
22:13: Starting Cookie Sweep
22:13: Registry Sweep Complete, Elapsed Time:00:00:16
22:13: Starting Registry Sweep
22:13: Memory Sweep Complete, Elapsed Time: 00:00:42
22:12: Starting Memory Sweep
22:12: Warning: Files are not scanned for viruses because AV engine failed to load.
22:12: Sweep initiated using definitions version 808
22:12: Spy Sweeper 5.2.3.2125 started
22:12: | Start of Session, 23 November 2006 |
********

Will have to post the HijackThis log in the next thread due to the length of this post.


#2
Old 11-25-2006
phildigger
Bronze Member
Join Date: Nov 2006
Posts: 10

And here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:51:57, on 25/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\phildigger\Desktop\Phil`s Stuff\HIJACKTHIS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0713E8A2-850A-101B-AFC0-4210102A8DA7} (Microsoft TreeView Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/sh...2/ComCtl32.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://la-lasc06.spaces.msn.com//Pho...d/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Thanks folks

Phil


#3
Old 11-26-2006
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,532
PC Experience: Elite PC Guru

Remove this entry from the log and delete the file.

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll

c:\windows\system32\ldcore.dll

Post a new log when done.


__________________
My real name is Eddy
#4
Old 11-26-2006
phildigger
Bronze Member
Join Date: Nov 2006
Posts: 10

Cheers Pancake, here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 09:54:49, on 26/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\phildigger\Desktop\Phil`s Stuff\HIJACKTHIS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0713E8A2-850A-101B-AFC0-4210102A8DA7} (Microsoft TreeView Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/sh...2/ComCtl32.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://la-lasc06.spaces.msn.com//Pho...d/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
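The fix in this thread is a single AppInit_DLLs entry going away between two HijackThis logs, which is easy to miss by eye in a log this long. The following is an added example, not code from the thread or from HijackThis: a small Python parser for HijackThis-style "Oxx - ..." lines that lists any DLL named under O20 AppInit_DLLs (every process that loads user32.dll picks those up, so an unexpected value there always merits a look) and diffs two scans so the removed entry shows up on its own. The sample logs are constructed excerpts built from lines in the two logs above; the regular expression and the flagging heuristic are this example's own assumptions, not HijackThis rules.

```python
"""Parse HijackThis-style log lines, flag AppInit_DLLs entries, diff two scans.

Added example for this thread; the sample data below is constructed from the
entries posted above and is not a complete log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# HijackThis entries look like "O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll":
# a section code (R0, O2, O4, O20, O23 ...), " - ", then the item body.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")


@dataclass(frozen=True, order=True)
class Entry:
    code: str
    body: str


def parse_log(text: str) -> list[Entry]:
    """Return the R/F/N/O entries of a HijackThis log in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def appinit_dlls(entries: list[Entry]) -> list[str]:
    """DLL paths named in O20 AppInit_DLLs entries (empty list means the value is clear).

    Flagging every non-empty value is this example's heuristic: the loader injects
    these DLLs into each user32-linked process, so the list is normally empty on a
    home PC and anything in it should be identified before it is trusted.
    """
    found = []
    for e in entries:
        if e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
            # split only once: the DLL path itself contains a drive-letter colon
            value = e.body.split(":", 1)[1].strip()
            if value:
                found.append(value)
    return found


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """(entries that disappeared, entries that appeared) between two scans."""
    b, a = set(parse_log(before)), set(parse_log(after))
    return sorted(b - a), sorted(a - b)


# Constructed excerpt modelled on the first log in this thread: header, one process
# line and a handful of entries. SCAN_AFTER is the same excerpt minus ldcore.dll,
# mirroring the second log.
SCAN_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:51:57, on 25/11/2006
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""
SCAN_AFTER = "\n".join(l for l in SCAN_BEFORE.splitlines() if "ldcore.dll" not in l)


if __name__ == "__main__":
    print("AppInit_DLLs before:", appinit_dlls(parse_log(SCAN_BEFORE)))
    print("AppInit_DLLs after: ", appinit_dlls(parse_log(SCAN_AFTER)))
    gone, new = diff_logs(SCAN_BEFORE, SCAN_AFTER)
    for e in gone:
        print("removed:", e.code, "-", e.body)
    for e in new:
        print("new:    ", e.code, "-", e.body)
```

Run against the two real logs (saved to files and read in place of the constructed strings) the diff reports exactly one removed entry, the O20 AppInit_DLLs line, and nothing new; the two Winlogon Notify entries belong to the installed Panda and Webroot products and stay put in both scans, which is why the diff rather than the raw O20 list is the useful confirmation.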


#5
Old 11-26-2006
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,532
PC Experience: Elite PC Guru

OK, that's good. You should be fine now...


__________________
My real name is Eddy
#6
Old 11-26-2006
phildigger
Bronze Member
Join Date: Nov 2006
Posts: 10

Thanks a lot Pancake, one last question if I may....

AVG Anti-Spyware has quarantined some objects during scanning. These are:

1st scan:

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_0001_N82M1105NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERS_0001_N82M1105NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Cookies\system@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\phildigger\on.exe -> Worm.VB.ar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2B9EA4A3-06D3-48F9-B8D0-5A3844386EE4}\RP298\A0096789.exe -> Worm.VB.ar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\on.exe -> Worm.VB.ar : Cleaned with backup (quarantined).

2nd scan:

C:\System Volume Information\_restore{2B9EA4A3-06D3-48F9-B8D0-5A3844386EE4}\RP298\A0096815.exe -> Worm.VB.ar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2B9EA4A3-06D3-48F9-B8D0-5A3844386EE4}\RP298\A0096816.exe -> Worm.VB.ar : Cleaned with backup (quarantined)

3rd scan:

C:\Documents and Settings\phildigger\Cookies\phildigger@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.

Would it be good practice to hit the "remove finally" button and get rid of them, rather than just leaving them in quarantine?

Once again, thanks for your time and advice; it's greatly appreciated.

Phil


