[Solved]HijackThis log. Please review?

Discussion in 'adware, spyware & hijack cleaning' started by Nakaris, Jun 18, 2004.

Thread Status:
Not open for further replies.
  1. Nakaris

    Nakaris Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    6
    For anyone who looked at my last log, this is to a different computer that I'm using. The last was my boyfriend's. I'm not running into any problems, but I'd like to get rid of what I don't need.

    Logfile of HijackThis v1.97.7
    Scan saved at 3:33:33 PM, on 6/18/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\SM1BG.EXE
    C:\documents and settings\lil kitten\local settings\temp\8LN.exe
    C:\windows\temp\sWJexgs.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    d:\FAHConsole\srvany.exe
    d:\FAHConsole\FAH4Console.exe
    C:\WINDOWS\System32\javaw.exe
    d:\FAHConsole\FahCore_65.exe
    C:\totalcmd\TOTALCMD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [8LN] C:\documents and settings\lil kitten\local settings\temp\8LN.exe
    O4 - HKLM\..\Run: [sWJexgs] C:\windows\temp\sWJexgs.exe
    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19bcb3f638c47b292e06/netzip/RdxIE601.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38024.4525462963
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBB60251-0D11-4201-8CCB-1DBA39CFA0E1}: NameServer = 192.168.5.1

    Thanks in advance,
    Nakaris
     
  2. Nakaris

    Nakaris Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    6
    Log, please review!

    Logfile of HijackThis v1.97.7
    Scan saved at 2:12:16 AM, on 6/27/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\documents and settings\lil kitten\local settings\temp\8LN.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\windows\temp\sWJexgs.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    d:\FAHConsole\srvany.exe
    d:\FAHConsole\FAH4Console.exe
    d:\FAHConsole\FahCore_78.exe
    C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijack This\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [8LN] C:\documents and settings\lil kitten\local settings\temp\8LN.exe
    O4 - HKLM\..\Run: [sWJexgs] C:\windows\temp\sWJexgs.exe
    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19bcb3f638c47b292e06/netzip/RdxIE601.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38024.4525462963
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBB60251-0D11-4201-8CCB-1DBA39CFA0E1}: NameServer = 192.168.5.1
     
  3. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Re: HijackThis log. Please review?

    Hi Nakaris,

    I have merged your two threads together since you posted a more recent log for this computer.


    First, make sure you have all files and folders viewable:
    How to Show Hidden Files and Folders

    Open Taskmanager (Ctrl-Alt-Del) to end the running processes for these:
    C:\documents and settings\lil kitten\local settings\temp\8LN.exe
    C:\windows\temp\sWJexgs.exe

    Then navigate to the two files, zip up a copy of them (password protect them, and use the word infected as the password) and email the zipped copies to pieterATwilderssecurity.org (replace the AT with an @) for analysis. In the body of the email message, state that the password is "infected" and include a link to this thread, so Pieter will be able to find it easily. Can you also submit a zipped copy to submit@diamondcs.com.au thank you.

    Then go to Kaspersky and upload each file for a scan.


    Next, place a check beside the following items in HijackThis.
    Close all windows except HijackThis, and click *Fix checked:

    R3 - Default URLSearchHook is missing

    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [8LN] C:\documents and settings\lil kitten\local settings\temp\8LN.exe
    O4 - HKLM\..\Run: [sWJexgs] C:\windows\temp\sWJexgs.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19bcb3f...ip/RdxIE601.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab


    Reboot your computer into Safe Mode by tapping the F8 key just before windows begins to load.

    Navigate to C:\documents and settings\lil kitten\local settings\temp\ and select everything in that folder and delete it.
    Then navigate to the C:\windows\temp\ and delete everything in there too except the following folders, Temporary Internet Files, Cookies and History folders (leave those)
    Note: Make sure these two files are deleted:
    C:\documents and settings\lil kitten\local settings\temp\8LN.exe
    C:\windows\temp\sWJexgs.exe

    And clear your IE cache: open IE --> Tools --> Internet Options --> click on "Delete Files" and put a check in the box for "Off line contents", click OK, then click the "History" button, then click "yes" to clear it, then "OK" to close the Internet Options Panel.

    Reboot your computer normally, and follow-up with an on-line scan at one of these antivirus sites: Free Services

    Repost a new Hijackthis log here (in this thread) along with the Kaspersky scan for those two files.

    Regards,

    snap
     
  4. Nakaris

    Nakaris Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    6
    New logs

    I have around 16 folders with names similar to this: $NtUninstallKB821253$
    Can I delete these or should I leave them be? o_O
    Here are the logs you wanted.
    I ran Micro Trend scan and it came up with this:
    Troj Stilen.a non-cleanable
    c:/windows/system32/.exe
    I told it to delete the file and it seems to be gone.

    Scanned file: sWJexgs.exe
    sWJexgs.exe - OK
    Statistics:
    Known viruses: 91953 Updated: 27-06-2004
    File size (Kb): 229 Virus bodies: 0
    Files: 1 Warnings: 0
    Archives: 0 Suspicious: 0

    Scanned file: 8LN.zip
    8LN.zip - archived by ZIP
    8LN.zip/8LN.exe Password protected
    8LN.zip - OK
    Statistics:
    Known viruses: 91953 Updated: 27-06-2004
    File size (Kb): 109 Virus bodies: 0
    Files: 3 Warnings: 0
    Archives: 1 Suspicious: 0

    Scanned file: 8LN.exe
    8LN.exe - OK
    Statistics:
    Known viruses: 91953 Updated: 27-06-2004
    File size (Kb): 229 Virus bodies: 0
    Files: 1 Warnings: 0
    Archives: 0 Suspicious: 0


    Logfile of HijackThis v1.97.7
    Scan saved at 8:05:55 PM, on 6/27/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    d:\FAHConsole\srvany.exe
    d:\FAHConsole\FAH4Console.exe
    d:\FAHConsole\FahCore_65.exe
    C:\Program Files\Hijack This\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38024.4525462963
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBB60251-0D11-4201-8CCB-1DBA39CFA0E1}: NameServer = 192.168.5.1
     
  5. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Re: New logs

    Hi Nakaris,

    These are the Windows XP Hotfixes which would have been downloaded to your C:\Windows folder from Microsoft when you installed the service packs and security updates. Windows would have these files and folders hidden from view by default, but since we had you unhide files and folders, you will now see them. They are fine so do not delete them. :)

    Looks like the on-line scan took care of things, because you log looks clean now. :)

    You will need to turn off your System Restore, then reboot your computer to purge old restore points and remove any infection that would have been backed up in there: System Restore Instructions for XP.
    Remember to re-enable System Restore after a reboot, and set a new Restore Point.

    Here are some steps to follow to help tighten your security and prevent future infection: Why did I get infected in the first place?

    And make sure to visit Microsoft's Update Site and have all the Critical Updates listed for XP and IE6 installed.

    Regards,

    snap
     
  6. Nakaris

    Nakaris Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    6
    Thanks

    Thanks so much. I didn't realize that my computer was running a little sluggish untill the files that didn't belong were removed. :D
     
Thread Status:
Not open for further replies.