
Hijack This Log


  • This topic is locked
5 replies to this topic

#1 delphi07

delphi07

  • Members
  • 9 posts

Posted 19 February 2009 - 09:08 AM

I was looking at a HijackThis tutorial and it said to post my log file on this forum.
Can someone help and tell me which programs to remove from this list?

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:50 a.m., on 20/02/2009
Platform: Windows XP SP3, v.3300 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Hotspot Shield\bin\openvpnas.exe
D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\Program Files\Norton Ghost\Agent\VProSvc.exe
D:\WINDOWS\system32\pctspk.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Softwin\BitDefender9\vsserv.exe
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\Mixer.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
D:\Program Files\Norton Ghost\Agent\VProTray.exe
D:\Program Files\Softwin\BitDefender9\bdmcon.exe
D:\Program Files\Softwin\BitDefender9\bdnagent.exe
D:\Program Files\Softwin\BitDefender9\bdswitch.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
D:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
D:\Program Files\MaxiVista Demo Server\MaxiVistaDemo.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Mozilla Thunderbird\thunderbird.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [mcagent_exe] D:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "D:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "D:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "D:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: gwum.lnk = D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - D:\WINDOWS\system32\pctspk.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7549 bytes


 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 28 February 2009 - 02:37 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

I see that you are running more than one antivirus program, BitDefender and McAfee. It is not recommended that you do so. In addition to wasting resources, the programs may detect virus signatures in the other and cause false positives. The different drivers used by the programs can cause crashes.

Please uninstall them until you are only running one antivirus using Add/Remove Programs.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

DDS is a tool that gives us a general overview of the condition of your machine.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please post back with:
-the DDS logs
-the F-Secure scan log

Please give me an update on the symptoms. Also tell me of any changes you have made to this computer.

With Regards,
The Panda

#3 delphi07

delphi07
  • Topic Starter

  • Members
  • 9 posts

Posted 02 March 2009 - 05:36 AM

Hi. And thanks for your help and reply. I have made the logs for you: the F-Secure one, the DDS log and the attach logs. I have not yet removed one of the security programs. But can you still tell me which items to remove in HijackThis? I haven't done this before so not too sure how this works.

I have not experienced any crashes on my system yet and I have been running the two for quite a while. If it is essential to you helping me I will remove BitDefender. The reason I ran both was because it detected some things that my virus program did not. I am running McAfee for my current virus scanner program.

btw I cannot recall any recent changes. I would like to learn more about this program also. It seems quite complicated to use.

The logs are attached here to this post and the scan report is below:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Brad Seagar at 23:11:14.29 on Mon 02/03/2009
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.551 [GMT 13:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Hotspot Shield\bin\openvpnas.exe
D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\Program Files\Norton Ghost\Agent\VProSvc.exe
D:\WINDOWS\system32\pctspk.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\Explorer.EXE
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\WINDOWS\Mixer.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
D:\Program Files\Norton Ghost\Agent\VProTray.exe
D:\Program Files\Softwin\BitDefender10\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
D:\Program Files\OpenOffice.org 2.4\program\soffice.exe
D:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Brad Seagar\Desktop\dds.com

============== Pseudo HJT Report ===============

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\mcafee\virusscan\scriptsn.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - d:\program files\hotspot shield\hssie\HssIE.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [CTFMON.EXE] d:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [mcagent_exe] d:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SunJavaUpdateSched] "d:\program files\java\jre1.6.0_04\bin\jusched.exe"
mRun: [Norton Ghost 12.0] "d:\program files\norton ghost\agent\VProTray.exe"
mRun: [BDMCon] "d:\program files\softwin\bitdefender10\bdmcon.exe" /reg
mRun: [BDAgent] "d:\program files\softwin\bitdefender10\bdagent.exe"
mRun: [ATICCC] "d:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\bradse~1\startm~1\programs\startup\maxivi~2.lnk - d:\program files\maxivista server\MaxiVistaA.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\gwum.lnk - d:\program files\gigabyte\gigabyte windows utility manager\gwum.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - d:\program files\java\jre1.6.0_04\bin\ssv.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2008-12-25 201320]
R2 aawservice;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 ETDrv;ETDrv;d:\windows\system32\drivers\ETDrv.sys [2009-1-1 151476]
R2 HssSrv;Hotspot Shield Helper Service;d:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-2-6 117208]
R2 MaxiAcom;MaxiAcom;d:\windows\system32\drivers\Maxiacom.SYS [2009-2-28 5888]
R2 MaxiMcom;MaxiMcom;d:\windows\system32\drivers\MaxiMcom.SYS [2009-2-28 6016]
R2 McProxy;McAfee Proxy Service;d:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-25 359248]
R2 McShield;McAfee Real-time Scanner;d:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-25 144704]
R3 HssDrv;Hotspot Shield Helper Miniport;d:\windows\system32\drivers\hssdrv.sys [2009-2-8 31704]
R3 MarkFun_NT;MarkFun_NT;d:\program files\gigabyte\gigabyte windows utility manager\MARKFUN.W32 [2009-1-1 8236]
R3 maximir;maximir;d:\windows\system32\drivers\maximir.sys [2009-2-28 4736]
R3 maxivista;Maxi_Vista_DriverA;d:\windows\system32\drivers\maxivista.sys [2009-2-28 4864]
R3 mfeavfk;McAfee Inc. mfeavfk;d:\windows\system32\drivers\mfeavfk.sys [2008-12-25 79304]
R3 mfebopk;McAfee Inc. mfebopk;d:\windows\system32\drivers\mfebopk.sys [2008-12-25 35240]
R3 mferkdk;McAfee Inc. mferkdk;d:\windows\system32\drivers\mferkdk.sys [2008-12-25 33832]
R3 WMIBIOS;%WMIBIOS.ServiceName%;d:\windows\system32\drivers\wmibios.sys [2009-1-1 18272]
R3 WMIINFO;WMIINFO Driver;d:\windows\system32\drivers\wmiinfo.sys [2009-1-1 21184]
S3 maxidemo;Maxi_Vista_Demo_Driver;d:\windows\system32\drivers\maxidemo.sys --> d:\windows\system32\drivers\maxidemo.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;d:\windows\system32\drivers\mfesmfk.sys [2008-12-25 40488]
S4 McSysmon;McAfee SystemGuards;d:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-25 695624]

=============== Created Last 30 ================

2009-03-01 23:00 26,368 ac------ d:\windows\system32\dllcache\usbstor.sys
2009-02-28 18:56 6,016 a------- d:\windows\system32\drivers\MaxiMcom.SYS
2009-02-28 18:56 5,888 a------- d:\windows\system32\drivers\Maxiacom.SYS
2009-02-28 18:55 11,008 a------- d:\windows\system32\maximir.dll
2009-02-28 18:55 4,736 a------- d:\windows\system32\drivers\maximir.sys
2009-02-28 18:55 15,232 a------- d:\windows\system32\maxivista.dll
2009-02-28 18:55 4,864 a------- d:\windows\system32\drivers\maxivista.sys
2009-02-28 18:55 <DIR> --d----- d:\program files\MaxiVista Server
2009-02-23 18:18 <DIR> --d----- d:\program files\Lavasoft
2009-02-23 18:17 <DIR> --d----- d:\program files\common files\Wise Installation Wizard
2009-02-23 18:02 <DIR> --d----- d:\docume~1\bradse~1\applic~1\Bitdefender
2009-02-23 18:00 <DIR> -cd-h--- d:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-23 17:50 <DIR> --d----- d:\docume~1\alluse~1\applic~1\BitDefender
2009-02-16 23:32 56,320 a------- d:\windows\system32\drivers\UACd.sys
2009-02-14 22:18 <DIR> --d----- d:\program files\Trend Micro
2009-02-14 02:09 <DIR> --d----- d:\program files\common files\Macromedia Shared
2009-02-14 02:08 <DIR> --d----- d:\program files\common files\Macromedia
2009-02-14 02:04 <DIR> --d----- d:\program files\Macromedia
2009-02-13 20:49 1,693,696 a------- d:\windows\system32\ltclr13n.dll
2009-02-13 20:49 142,848 a------- d:\windows\system32\lftif13n.dll
2009-02-13 20:49 90,112 a------- d:\windows\system32\lfjbg13n.dll
2009-02-13 20:49 73,728 a------- d:\windows\system32\lffax13n.dll
2009-02-13 20:49 445,440 a------- d:\windows\system32\ltimg13n.dll
2009-02-13 20:49 388,608 a------- d:\windows\system32\lfcmp13n.dll
2009-02-13 20:49 246,272 a------- d:\windows\system32\lfj2k13n.dll
2009-02-13 20:49 206,848 a------- d:\windows\system32\ltefx13n.dll
2009-02-13 20:49 154,112 a------- d:\windows\system32\ltfil13n.dll
2009-02-13 20:49 453,120 a------- d:\windows\system32\ltkrn13n.dll
2009-02-13 20:49 265,216 a------- d:\windows\system32\ltdis13n.dll
2009-02-13 20:49 189,976 a------- d:\windows\system32\mfimgvwr.ocx
2009-02-13 20:48 <DIR> --d----- d:\program files\MFInstall
2009-02-09 08:31 552 a------- d:\windows\system32\d3d8caps.dat
2009-02-09 07:54 950,488 a------- D:\Maxivista_Setup_SecondaryPC.exe
2009-02-09 07:23 3 a------- d:\windows\system32\OutM64proc32.dll
2009-02-09 07:23 3 a------- d:\windows\system32\InM64proc32.dll
2009-02-09 07:22 <DIR> --d----- d:\program files\MaxiVista Demo Server
2009-02-08 21:56 <DIR> --dsh--- d:\documents and settings\brad seagar\IECompatCache
2009-02-08 21:55 <DIR> --dsh--- d:\documents and settings\brad seagar\PrivacIE
2009-02-08 21:55 <DIR> --dsh--- d:\documents and settings\brad seagar\IETldCache
2009-02-08 21:44 <DIR> -cd-h--- d:\windows\ie8
2009-02-08 20:00 31,704 a------- d:\windows\system32\drivers\hssdrv.sys
2009-02-07 20:41 <DIR> --d----- d:\docume~1\bradse~1\applic~1\GlarySoft
2009-02-07 20:40 <DIR> --d----- d:\program files\Glary Registry Repair
2009-02-04 22:13 <DIR> --d----- d:\program files\Joyland Casino

==================== Find3M ====================

2009-03-02 23:06 81,984 a------- d:\windows\system32\bdod.bin
2009-01-20 13:23 0 a------- d:\documents and settings\brad seagar\driver.bat
2009-01-15 02:05 911,872 a------- d:\windows\system32\wininet.dll
2009-01-15 02:05 43,008 a------- d:\windows\system32\licmgr10.dll
2009-01-15 02:04 18,944 a------- d:\windows\system32\corpol.dll
2009-01-15 02:03 420,352 a------- d:\windows\system32\vbscript.dll
2009-01-15 02:03 72,704 a------- d:\windows\system32\admparse.dll
2009-01-15 02:03 71,680 a------- d:\windows\system32\iesetup.dll
2009-01-15 02:01 34,304 a------- d:\windows\system32\imgutil.dll
2009-01-15 02:00 48,128 a------- d:\windows\system32\mshtmler.dll
2009-01-15 02:00 45,568 a------- d:\windows\system32\mshta.exe
2009-01-15 01:50 156,160 a------- d:\windows\system32\msls31.dll
2008-12-25 21:34 60,416 a------- d:\windows\ALCFDRTM.EXE
2008-12-24 20:24 1,536 a------- d:\windows\system32\TrueSoft.dat
2008-12-24 20:21 21,640 a------- d:\windows\system32\emptyregdb.dat
2004-01-01 21:11 32,768 a--sh--- d:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012004010120040102\index.dat

============= FINISH: 23:11:47.85 ===============




Scanning Report
Monday, March 02, 2009 23:21:31 - 23:28:10
Computer name: COMP-1
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ E:\


--------------------------------------------------------------------------------

Result: 9 malware found
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Advertising (spyware)
System
TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Atwola (spyware)
System
TrackingCookie.Doubleclick (spyware)
System
TrackingCookie.Mediaplex (spyware)
System
TrackingCookie.Revsci (spyware)
System
TrackingCookie.Webtrends (spyware)
System
TrackingCookie.Yieldmanager (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 346
System: 2870
Not scanned: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 9
Submitted: 0
Files not scanned:

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 3.0.0
F-Secure Hydra: 3.6.8511, 2009-03-02
F-Secure AVP: 7.0.171, 2009-03-02
F-Secure Pegasus: 1.20.0, 1970-00-01
F-Secure Blacklight: 0.0.0
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------



Edited by PropagandaPanda, 02 March 2009 - 03:24 PM.


#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 02 March 2009 - 03:27 PM

Hello.

There do not appear to be any items of concern.

HijackThis and DDS examine the areas where programs, such as malware, start automatically from. Most of these entries are safe and some even essential for your computer to work properly.

If you wish to keep BitDefender only for scanning, then that is fine.

With Regards,
The Panda
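
Added example (not part of the original thread, and not a feature of HijackThis or DDS): a Python script that parses HijackThis entry lines by section code, lists the entries a reviewer would normally look at first, and reads the DDS header to spot more than one on-access scanner, the condition raised in post #2. The function names are assumptions made for this illustration, the sample lines are copied from the logs above, and a flagged entry is a prompt for review rather than a detection.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log in post #1.
HJT_SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - Global Startup: gwum.lnk = D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# Constructed sample: the security-product header of the DDS log in post #3.
DDS_HEADER = """
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
"""

# HijackThis section codes that occur in this thread and what each covers.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object",
    "O4": "Autostart (Run key / Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
AV_LINE = re.compile(r"^AV: (?P<name>.+?) \*(?P<state>[^*]+)\*")


def parse_hjt(text):
    """Return (code, body) tuples for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # skips the header, the process list and blank lines
            entries.append((m.group("code"), m.group("body")))
    return entries


def by_section(entries):
    """Group entry bodies under a readable section name."""
    groups = defaultdict(list)
    for code, body in entries:
        groups[SECTIONS.get(code, "other")].append(body)
    return dict(groups)


def review_notes(entries):
    """Entries worth a second look; these are prompts, not verdicts."""
    notes = []
    for code, body in entries:
        if body.lower().endswith("(no file)"):
            notes.append((code, "orphaned entry, registered file is missing"))
        elif code == "O23" and " - Unknown owner - " in body:
            notes.append((code, "no company name reported for the service binary"))
    return notes


def on_access_scanners(dds_header):
    """Names of antivirus products that DDS reports with on-access scanning on."""
    names = []
    for line in dds_header.splitlines():
        m = AV_LINE.match(line.strip())
        if m and m.group("state").lower().endswith("enabled"):
            names.append(m.group("name"))
    return names


if __name__ == "__main__":
    entries = parse_hjt(HJT_SAMPLE)
    for section, bodies in by_section(entries).items():
        print(f"{section}: {len(bodies)}")
    for code, why in review_notes(entries):
        print(f"review {code}: {why}")
    scanners = on_access_scanners(DDS_HEADER)
    if len(scanners) > 1:
        print("multiple on-access scanners:", ", ".join(scanners))
```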

#5 delphi07

delphi07
  • Topic Starter

  • Members
  • 9 posts

Posted 03 March 2009 - 02:06 AM

Thanks, I will keep this in mind.

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 18 March 2009 - 09:01 AM

Hello.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



