Please check my log


  • This topic is locked
7 replies to this topic

#1 monika

monika

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:03:25 PM

Posted 26 June 2005 - 12:51 PM

Hello there,

Please check my log. I have not had a chance to run protection adware and spyware programs for some time and now found lots of spyware and adware in my comp. Used Ad-aware SE to get rid of some, but still it is not quite right, comp still slow.

Thanks a lot.

Monika



#2 monika


Posted 26 June 2005 - 12:52 PM

Hello there,

Please check my log. I have not had a chance to run protection adware and spyware programs for some time and now found lots of spyware and adware in my comp. Used Ad-aware SE to get rid of some, but still it is not quite right, comp still slow.

Thanks a lot.

Monika


Logfile of HijackThis v1.99.1
Scan saved at 19:49:02, on 26/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\PROGRA~1\MOZILLA\MOZILLA.EXE
C:\Documents and Settings\Monique a Milanocek\Dokumenty\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Microsoft Internet Explorer: Stahuj.cz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Documents and Settings\Monique a Milanocek\Plocha\Cleanup.exe /WindowsRestart
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Stahuj.cz - {58D5AB58-00AE-4700-BE55-F87C7D94D618} - http://www.stahuj.cz (file missing) (HKCU)
O13 - WWW Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.stahuj.cz
O16 - DPF: BSC Applet Security - https://ibs.internetbanka.cz/ibs31/bin/apls...99.99.99.99.cab
O16 - DPF: BSC Applet Utilities - https://ibs.internetbanka.cz/ibs31/bin/aplu...99.99.99.99.cab
O16 - DPF: BSC Business Objects - https://ibs.internetbanka.cz/ibs31/bin/busi...99.99.99.99.cab
O16 - DPF: BSC Java Components Library - https://ibs.internetbanka.cz/ibs31/bin/jcl-99.99.99.99.cab
O16 - DPF: BSC Text Utilities - https://ibs.internetbanka.cz/ibs31/bin/text-99.99.99.99.cab
O16 - DPF: BSC Utilities - https://ibs.internetbanka.cz/ibs31/bin/util-99.99.99.99.cab
O16 - DPF: GEMINI IBS 31 GECB Applet Security - https://ibs.internetbanka.cz/ibs31/bin/IBS3...sec-3.2.0.1.cab
O16 - DPF: GEMINI IBS 31 GECB Applet Utilities - https://ra.internetbanka.cz/ra31/bin/IBS31-...til-1.0.1.0.cab
O16 - DPF: IAIK Java Cryptography Extension - https://ibs.internetbanka.cz/ibs31/bin/IAIK-99.99.99.99.cab
O16 - DPF: KB KTpro Pack - https://www.mojebanka.cz/jars/kt_pro_v1101.cab
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
O16 - DPF: MIB Pack - https://www.mojebanka.cz/jars/mib_pack_v1400.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C628BAB8-AD3E-47B0-9B52-6D3F03B24C85}: NameServer = 80.225.252.50 80.225.252.58
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#3 Efwis

Efwis

    The Spyware Killing Dragon


  • Members
  • 59 posts
  • OFFLINE
  •  
  • Location:Iowa, USA
  • Local time:03:25 PM

Posted 26 June 2005 - 01:01 PM

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.


O9 - Extra button: Stahuj.cz - {58D5AB58-00AE-4700-BE55-F87C7D94D618} - http://www.stahuj.cz (file missing) (HKCU)
O13 - WWW Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.stahuj.cz
O16 - DPF: BSC Applet Security - https://ibs.internetbanka.cz/ibs31/bin/apls...99.99.99.99.cab
O16 - DPF: BSC Applet Utilities - https://ibs.internetbanka.cz/ibs31/bin/aplu...99.99.99.99.cab
O16 - DPF: BSC Business Objects - https://ibs.internetbanka.cz/ibs31/bin/busi...99.99.99.99.cab
O16 - DPF: BSC Java Components Library - https://ibs.internetbanka.cz/ibs31/bin/jcl-99.99.99.99.cab
O16 - DPF: BSC Text Utilities - https://ibs.internetbanka.cz/ibs31/bin/text-99.99.99.99.cab
O16 - DPF: BSC Utilities - https://ibs.internetbanka.cz/ibs31/bin/util-99.99.99.99.cab
O16 - DPF: GEMINI IBS 31 GECB Applet Security - https://ibs.internetbanka.cz/ibs31/bin/IBS3...sec-3.2.0.1.cab
O16 - DPF: GEMINI IBS 31 GECB Applet Utilities - https://ra.internetbanka.cz/ra31/bin/IBS31-...til-1.0.1.0.cab
O16 - DPF: IAIK Java Cryptography Extension - https://ibs.internetbanka.cz/ibs31/bin/IAIK-99.99.99.99.cab
O16 - DPF: KB KTpro Pack - https://www.mojebanka.cz/jars/kt_pro_v1101.cab
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
O16 - DPF: MIB Pack - https://www.mojebanka.cz/jars/mib_pack_v1400.cab


Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :thumbsup:
If you like what I have done please consider making a donation to help fight spyware

#4 monika


Posted 26 June 2005 - 01:17 PM

Okay, the only thing I am a bit concerned about is that most of these logs are connected to using my online banking, shall I check and delete them anyway???
They are the following:

O16 - DPF: BSC Applet Security - https://ibs.internetbanka.cz/ibs31/bin/apls...99.99.99.99.cab
O16 - DPF: BSC Applet Utilities - https://ibs.internetbanka.cz/ibs31/bin/aplu...99.99.99.99.cab
O16 - DPF: BSC Business Objects - https://ibs.internetbanka.cz/ibs31/bin/busi...99.99.99.99.cab
O16 - DPF: BSC Java Components Library - https://ibs.internetbanka.cz/ibs31/bin/jcl-99.99.99.99.cab
O16 - DPF: BSC Text Utilities - https://ibs.internetbanka.cz/ibs31/bin/text-99.99.99.99.cab
O16 - DPF: BSC Utilities - https://ibs.internetbanka.cz/ibs31/bin/util-99.99.99.99.cab
O16 - DPF: GEMINI IBS 31 GECB Applet Security - https://ibs.internetbanka.cz/ibs31/bin/IBS3...sec-3.2.0.1.cab
O16 - DPF: GEMINI IBS 31 GECB Applet Utilities - https://ra.internetbanka.cz/ra31/bin/IBS31-...til-1.0.1.0.cab
O16 - DPF: IAIK Java Cryptography Extension - https://ibs.internetbanka.cz/ibs31/bin/IAIK-99.99.99.99.cab
O16 - DPF: KB KTpro Pack - https://www.mojebanka.cz/jars/kt_pro_v1101.cab
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
O16 - DPF: MIB Pack - https://www.mojebanka.cz/jars/mib_pack_v1400.cab

#5 Efwis


Posted 26 June 2005 - 01:20 PM

This is a list of files that were downloaded to your computer. If your computer needs them again it will automatically download them. Generally, once they are downloaded, all these entries do is take up space on your hard drive as registry entries saying "hey you downloaded this entry".

There is no harm in removing those entries.

#6 monika


Posted 26 June 2005 - 01:41 PM

This is my log now:

Logfile of HijackThis v1.99.1
Scan saved at 20:35:28, on 26/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Monique a Milanocek\Dokumenty\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Microsoft Internet Explorer: Stahuj.cz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

System seems to be running better. Is my log okay now, or is there something else I should do???

Ta
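A way to check that a fix took effect by comparing the two scans in this thread (an added example, not part of the original posts). The function names are hypothetical and the sample logs are short excerpts of the logs posted above:

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.*)$")

def parse_entries(log_text):
    """Return the set of (code, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("detail").strip()))
    return entries

def diff_logs(before, after, fixed):
    """Compare two scans against the entries that were ticked for fixing."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(fixed)
    return {
        "removed": sorted(b - a),
        "still_present": sorted(f & a),              # ticked but survived
        "unexpected_removals": sorted((b - a) - f),  # gone without being ticked
        "new": sorted(a - b),                        # appeared between scans
    }

# Excerpts of the first scan, the fix list and the second scan from this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Documents and Settings\Monique a Milanocek\Plocha\Cleanup.exe /WindowsRestart
O13 - WWW Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.stahuj.cz
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C628BAB8-AD3E-47B0-9B52-6D3F03B24C85}: NameServer = 80.225.252.50 80.225.252.58
"""
FIXED = r"""
O13 - WWW Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.stahuj.cz
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
"""
AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
"""

if __name__ == "__main__":
    for bucket, items in diff_logs(BEFORE, AFTER, FIXED).items():
        print(bucket)
        for code, detail in items:
            print("   ", code, "-", detail)
```

Entries reported under `unexpected_removals` disappeared between the scans without being ticked, so they deserve a look instead of being assumed to be part of the fix.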

#7 monika


Posted 26 June 2005 - 02:05 PM

Hello...

Did you forget about me???

#8 Efwis


Posted 26 June 2005 - 04:39 PM

No, I didn't forget about you. I work on numerous logs at one time.

Congrats, your log is clean :thumbsup:
How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine.

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. :spoton:



