
Check my log please


5 replies to this topic

#1 Saikostyle

Saikostyle

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 24 October 2004 - 02:18 AM

Well, I've protected my PC with several anti-spyware (etc.) programs like Ad-Aware and SpywareBlaster... so now I'm curious if my log is clean. It looks clean to me... so can you guys check it out and tell me?

Thanks in advance :thumbsup:

Logfile of HijackThis v1.98.2
Scan saved at 9:18:56 AM, on 10/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
E:\Programz\msnplus\MsgPlus.exe
C:\WINDOWS\System32\nvsvc32.exe
E:\Programz\Winamp\winampa.exe
E:\Programz\Tiny'sFW\persfw.exe
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
E:\Games\Steam\Steam.exe
E:\Programz\LeechGet 2004\LeechGet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\eMule\emule.exe
E:\Programz\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Programz\hjt\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Programz\msnplus\MsgPlus.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Programz\msnplus\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] E:\Games\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [LeechGet] "E:\Programz\LeechGet 2004\LeechGet.exe" -intray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download met LeechGet - file://E:\Programz\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download met LeechGet Wizard - file://E:\Programz\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Verwerk met LeechGet (Parse) - file://E:\Programz\LeechGet 2004\\Parser.html
O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) - http://www.pandasoftware.es/avchecker/cont...s/AvDetInst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095583590858
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Greetz

Saikostyle



#2 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:07:41 PM

Posted 24 October 2004 - 04:36 AM

Hi Saikostyle

1. You have Messenger Plus installed. This program is known to install malware. I would advise that you remove this program from your computer.

2. Some items are disabled in MSCONFIG, and not all your startup items are visible.
Go to Start -> Run -> Type msconfig and press Enter.

Click the Startup tab and check all Startup items or press the Enable All button and Close. Then press the Exit without restart button. Do not reboot your computer; all items will be active after reboot. After you post the HJT log you can uncheck the items again.

Run HijackThis and post a new log please.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#3 Saikostyle

Saikostyle
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 25 October 2004 - 02:01 AM

Logfile of HijackThis v1.98.2
Scan saved at 9:01:21 AM, on 10/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
E:\Programz\msnplus\MsgPlus.exe
E:\Programz\NORTON~1\vptray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
E:\Programz\NORTON~1\DefWatch.exe
E:\Programz\LeechGet 2004\LeechGet.exe
E:\Programz\NORTON~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Programz\hjt\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] E:\Programz\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Programz\msnplus\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Programz\Winamp\winampa.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] E:\Games\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LeechGet] "E:\Programz\LeechGet 2004\LeechGet.exe" -intray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\RECYCLER\NPROTECT\00025830.rbf
O8 - Extra context menu item: Download met LeechGet - file://E:\Programz\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download met LeechGet Wizard - file://E:\Programz\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Verwerk met LeechGet (Parse) - file://E:\Programz\LeechGet 2004\\Parser.html
O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) - http://www.pandasoftware.es/avchecker/cont...s/AvDetInst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095583590858
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

#4 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:07:41 PM

Posted 25 October 2004 - 02:49 AM

Well, I've protected my PC with several anti-spyware (etc.) programs like Ad-Aware and SpywareBlaster... so now I'm curious if my log is clean. It looks clean to me... so can you guys check it out and tell me?

Log looks clean, except Messenger Plus; this program is known to install malware.

You can fix this with HijackThis:
Run HijackThis!, press Scan, and put a check mark next to all these:

O4 - Global Startup: Microsoft Office.lnk = E:\RECYCLER\NPROTECT\00025830.rbf

Close all other windows and browsers, and press the Fix Checked button.

Empty your temp files, Internet Explorer cache and Norton Protected files.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?
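The comparison made across posts #1 to #4, as an added example that is not part of any post in this thread and is not HijackThis's own logic: it parses the O4 autostart lines of two logs, reports entries that only became visible after the MSCONFIG items were re-enabled, and flags any whose target sits in a recycle-bin directory, like the `Microsoft Office.lnk` entry above. The function names, the recycle-bin directory list, and the use of the `[MSConfig] ... /auto` Run entry as the sign of disabled startup items are assumptions of this example.

```python
import re

# Constructed samples: a subset of the O4 lines from the two logs in this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Programz\msnplus\MsgPlus.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Steam] E:\Games\Steam\Steam.exe -silent
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [vptray] E:\Programz\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Programz\msnplus\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKCU\..\Run: [Steam] E:\Games\Steam\Steam.exe -silent
O4 - Global Startup: Microsoft Office.lnk = E:\RECYCLER\NPROTECT\00025830.rbf
"""

# "O4 - <location>: [<value name>] <command>" or "O4 - <location>: <shortcut> = <target>"
O4_RE = re.compile(
    r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]+)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$")
# Recycle-bin directory names (assumption of this example, not taken from the thread).
RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}

def parse_o4(log):
    """Return {(location, entry name): command} for every O4 autostart line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["loc"], m["name"] or m["lnk"])] = m["cmd"]
    return entries

def msconfig_selective(entries):
    """True when msconfig's own '/auto' Run entry is present (heuristic)."""
    return any(name == "MSConfig" and "/auto" in cmd.lower()
               for (_, name), cmd in entries.items())

def in_recycle_bin(cmd):
    """True when any path component of the command is a recycle-bin directory."""
    return any(p.lower() in RECYCLE_DIRS for p in re.split(r'[\\/"]', cmd))

def review(before, after):
    """Compare two logs: what re-enabling startup items revealed, and what to flag."""
    old, new = parse_o4(before), parse_o4(after)
    revealed = sorted(k for k in new if k not in old)
    return {"selective_startup": msconfig_selective(old),
            "revealed": revealed,
            "flagged": [k for k in revealed if in_recycle_bin(new[k])]}

if __name__ == "__main__":
    print(review(LOG_BEFORE, LOG_AFTER))
```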


#5 Saikostyle

Saikostyle
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 27 October 2004 - 03:23 AM

How do you clean Norton Protected files?

With Norton 2003 my recycle bin was Norton protected or something... now I have Norton 2004 Pro and my recycle bin ain't protected anymore??

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,660 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:41 PM

Posted 28 October 2004 - 07:32 PM

No, we are just removing the link. The files should still be there and protected; the link to them will be gone.

Please post a last log



