
Hjt Log


13 replies to this topic

#1 science

science

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:07:40 AM

Posted 26 March 2007 - 02:09 AM

First post was Windows Firewall/system Restore is "missing" ~
http://www.bleepingcomputer.com/forums/t/85874/windows-firewallsystem-restore-is-missing/

Serious issues with my computer. I am also going to post what Avast! Antivirus found. No viruses but 37 files that couldn't be scanned, and 2 decompression bombs. :thumbsup: I'm not able to create a proper list of this information; this is just what shows up as having not been scanned after a thorough scan.

I'm trying not to panic.


Logfile of HijackThis v1.99.1
Scan saved at 1:02:19 AM, on 3/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rimmerkins\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121791809482
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144465263432
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Unknown owner - C:\WINDOWS\System32\drivers\CDAC11BA.EXE (file missing)
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\IPODthinger\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

Edited by science, 26 March 2007 - 02:41 AM.




#2 science

Posted 26 March 2007 - 02:24 AM

Warning list from Avast! Antivirus ~

3/23/2007 2:14:29 AM Rimmerkins 3788 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{B71EDBA2-4522-409A-8E61-EA8756DD75BF}\RP659\A0133130.dll" file.
3/23/2007 3:46:33 AM Rimmerkins 3788 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{B71EDBA2-4522-409A-8E61-EA8756DD75BF}\RP659\A0133131.dll" file.
3/23/2007 3:46:39 AM Rimmerkins 3788 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{B71EDBA2-4522-409A-8E61-EA8756DD75BF}\RP659\A0133132.exe" file.
3/23/2007 3:46:51 AM Rimmerkins 3788 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{B71EDBA2-4522-409A-8E61-EA8756DD75BF}\RP659\A0133133.dll" file.
3/23/2007 3:46:54 AM Rimmerkins 3788 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{B71EDBA2-4522-409A-8E61-EA8756DD75BF}\RP659\A0133138.dll" file.
3/23/2007 3:47:07 AM Rimmerkins 3788 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{B71EDBA2-4522-409A-8E61-EA8756DD75BF}\RP659\A0133228.exe" file.
3/23/2007 4:29:19 AM Rimmerkins 3788 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\interf.tlb" file.
3/24/2007 12:43:59 AM Rimmerkins 1484 Function setifaceUpdatePackages() has failed. Return code is 0x00000002, dwRes is 00000002.
3/24/2007 3:06:24 AM Rimmerkins 1484 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{B71EDBA2-4522-409A-8E61-EA8756DD75BF}\RP659\A0133138.dll" file.
3/24/2007 3:07:36 AM Rimmerkins 1484 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{B71EDBA2-4522-409A-8E61-EA8756DD75BF}\RP659\A0133228.exe" file.
3/24/2007 3:21:57 AM Rimmerkins 1484 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{B71EDBA2-4522-409A-8E61-EA8756DD75BF}\RP716\A0151337.tlb" file.

#3 science

Posted 26 March 2007 - 02:28 AM

Error report from Avast! antivirus ~ I have been unable to activate some of Avast's functions due to the reboot where I had 2 antivirus software programs running at the same time. :thumbsup: I am going to shut off my computer for the night, but I am considering reinstalling Avast to see if that helps.

My sincerest thanks to all for your consideration. /kneels


3/23/2007 6:38:20 PM SYSTEM 1812 AAVM - initialization error: Instant Messaging provider: cannot start because 'AVIRA (H+BEDV) AntiVir' is active!, 00000000.
3/23/2007 6:38:20 PM SYSTEM 1812 AAVM - initialization error: P2P provider: cannot start because 'AVIRA (H+BEDV) AntiVir' is active!, 00000000.
3/23/2007 6:38:20 PM SYSTEM 1812 AAVM - initialization error: Standard Shield provider: cannot start because 'AVIRA (H+BEDV) AntiVir' is active!, 00000000.
3/24/2007 12:24:07 AM Rimmerkins 1924 Error in aswChestC: chestOpenList Error 1722.
3/24/2007 12:24:07 AM Rimmerkins 1924 aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 1722.
3/24/2007 12:24:29 AM Rimmerkins 1924 aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().
3/24/2007 3:06:33 AM Rimmerkins 1484 Error in aswChestC: chestAddFile Error 1722.
3/24/2007 3:07:18 AM Rimmerkins 1484 Error in aswChestC: chestAddFile Error 1722.
3/24/2007 1:20:40 PM Rimmerkins 1800 Error in aswChestC: chestOpenList Error 1722.
3/24/2007 1:20:40 PM Rimmerkins 1800 aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 1722.
3/24/2007 1:22:56 PM Rimmerkins 1800 aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().
3/24/2007 1:23:08 PM Rimmerkins 456 Error in aswChestC: chestOpenList Error 1722.
3/24/2007 1:23:08 PM Rimmerkins 456 aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 1722.
3/24/2007 1:23:11 PM Rimmerkins 456 aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().
3/25/2007 11:42:21 AM Rimmerkins 1976 Error in aswChestC: chestOpenList Error 1722.
3/25/2007 11:42:22 AM Rimmerkins 1976 aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 1722.
3/25/2007 11:42:25 AM Rimmerkins 1976 aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().
3/25/2007 11:49:25 AM Rimmerkins 344 Error in aswChestC: chestOpenList Error 1722.
3/25/2007 11:49:25 AM Rimmerkins 344 aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 1722.
3/25/2007 11:49:34 AM Rimmerkins 344 aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().

#4 science

Posted 02 April 2007 - 12:16 PM

:thumbsup:
Hey guys, I just wanted to add this to my forum topic ~ my boyfriend wants to take me on vacation this Friday. We'll be gone for 2 weeks.

I won't be here if anybody is able to help me because I will be out of the state. Today is Monday. ((edit: I'll be here til Friday.)) We're leaving on Friday, April 6. Should be back around April 21.

I'm really getting worried about my situation as I haven't had a reply; I'm so worried that my situation is unfixable. :flowers: I did make a post in the "haven't had a reply in 5 days". One of the bumpers on the HJT forum got helped out, and I know we're not allowed to bump, so I'm very worried about my computer.

Does anyone know? Does it look infected? Is there anything I can do? :huh:

Edited by science, 02 April 2007 - 12:17 PM.


#5 science

Posted 05 April 2007 - 08:08 AM

Hello, it's been 11 days since I first posted my HJT log. I understand a lot of folks need help. Others have actually been assisted on the HJT forum before my consideration. Bumpers got assisted when it is said they typically do not.

I'm really stressed about this, and I've wasted 2 weeks for a reply from you. (I started doing the necessary requirements before posting an HJT log a few days before I was able to post.) My computer is no longer working. I live very far from any actual computer service, but it would have been faster driving several hours and spending a few hundred dollars to have the situation solved by now. I'm usually very grateful for help. I'm sorry I couldn't give my money to your organization.

I'm sorry you guys are so busy, but if you couldn't assist me in the first place, I wish you would have told me a little sooner.

#6 science

Posted 05 April 2007 - 08:20 AM


#7 science

Posted 05 April 2007 - 08:25 AM

bump

#8 science

Posted 05 April 2007 - 08:25 AM

bump

#9 science

Posted 05 April 2007 - 08:37 AM

bump

#10 science

Posted 05 April 2007 - 08:38 AM

bump

#11 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:40 PM

Posted 05 April 2007 - 08:42 AM

Hello science, and welcome to BleepingComputer. First of all I want to tell you that I am very sorry you have waited so long. I know it is hard to wait when your computer needs help. All I can say is that there are currently over 100 open logs that need attention as of now. The volunteers do the best they can. I have no explanation as to why your log has been skipped. I will be handling your log from now on to help you get cleaned up.

Please take note of the following:
1. I will start working on your malware issues, this may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. The process is not instant. Please continue to review my answers until I tell you your machine is clean.
4. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible. I need a bit of time to properly analyze your log.
As you said in the other thread that you will be out of the state soon, I cannot assure you that I have fixed your problem by then. We can do as much as possible and likely fix the problem when you get back.

Thanks,

htv8

Edited by htv8, 05 April 2007 - 08:45 AM.

If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#12 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:40 PM

Posted 05 April 2007 - 09:41 AM

Sorry for the delay in replying; we have been swamped with logs.

The items Avast found are all in System Restore; you can clean out System Restore by doing the following:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot.

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Post back with a new HijackThis log and let me know of any remaining problems

#13 random/random

Posted 05 April 2007 - 09:54 AM

You are being helped here, so I will close this topic now

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,717 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:40 AM

Posted 05 April 2007 - 11:05 AM

I am going to pick this log up. Science, I apologize for your delay. Trust me it is not that we are singling you out and not helping you, it is just that we have been extremely backlogged with the amount of logs we have and limited volunteers who can work on them.

The log looks totally clean to me. The items that are being reported are in a special folder used by System restore that the AV software can't access and thus can't delete. We will clear the system restore points later and that will clear out those files. For now, ignore them.

My only concern is that you mention WOW and there have been some very creative infections going around to steal logon information from online games. These are sometimes hard to see and sometimes impossible to remove. So I need to be upfront and say that it is possible you may have to reformat/reinstall your computer to be totally safe if we do not find something that can be easily removed.

So let's start by digging down a little bit. I need two logs from you:


* Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.

If you're having problems with running GMER.exe, try it in safe mode.

Then, I want an autostart log from HijackThis:

Run HijackThis.
Click on Open the Misc Tools Section.
Then press Generate StartupList log, making sure that both boxes next to it are checked.
Select Yes at the prompt.
A Notepad file will open, and will automatically be saved in your HijackThis folder.
Paste this log in your next reply.
More information with a screenshot, can be found here.
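
The replies above turn on whether each Avast! detection sits inside the System Restore store (`System Volume Information\_restore{...}\RPnnn`), which clearing the restore points removes, or on the live file system, which it does not. The Python triage below is an added example, not part of the original thread or of any Avast! or HijackThis tooling; its sample is six lines copied from the warning list in post #2, and the field name `num` for the fourth column is an assumption, since the thread does not say what that number is.

```python
import re

# Six lines copied from the Avast! warning list in post #2 of this thread.
SAMPLE_LOG = r'''
3/23/2007 2:14:29 AM Rimmerkins 3788 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{B71EDBA2-4522-409A-8E61-EA8756DD75BF}\RP659\A0133130.dll" file.
3/23/2007 3:46:54 AM Rimmerkins 3788 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{B71EDBA2-4522-409A-8E61-EA8756DD75BF}\RP659\A0133138.dll" file.
3/23/2007 4:29:19 AM Rimmerkins 3788 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\interf.tlb" file.
3/24/2007 12:43:59 AM Rimmerkins 1484 Function setifaceUpdatePackages() has failed. Return code is 0x00000002, dwRes is 00000002.
3/24/2007 3:06:24 AM Rimmerkins 1484 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{B71EDBA2-4522-409A-8E61-EA8756DD75BF}\RP659\A0133138.dll" file.
3/24/2007 3:21:57 AM Rimmerkins 1484 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{B71EDBA2-4522-409A-8E61-EA8756DD75BF}\RP716\A0151337.tlb" file.
'''

# "<date> <time> <AM|PM> <user> <num> <message>"; `num` is an assumed name.
LINE_RE = re.compile(
    r'^(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<user>\S+) (?P<num>\d+) (?P<msg>.*)$'
)
# Detection messages as they appear in the posted warning list.
SIGN_RE = re.compile(
    r'^Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)
# Windows XP restore-point store: <drive>:\System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r'^[a-z]:\\system volume information\\_restore\{[0-9a-f-]{36}\}\\(?P<rp>rp\d+)\\',
    re.IGNORECASE,
)


def triage(log_text):
    """Split detections into restore-point copies and live-file-system hits.

    Returns {'restore': {RPname: {path: signature}},
             'live': {path: signature},
             'other': [lines that are not detections]}.
    A file reported by several scans is counted once (dicts are keyed by path).
    """
    restore, live, other = {}, {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        sign = SIGN_RE.match(m.group('msg')) if m else None
        if not sign:
            other.append(line)  # e.g. update failures, chest errors
            continue
        path, sig = sign.group('path'), sign.group('sig')
        rp = RESTORE_RE.match(path)
        if rp:
            restore.setdefault(rp.group('rp').upper(), {})[path] = sig
        else:
            live[path] = sig
    return {'restore': restore, 'live': live, 'other': other}


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for rp, files in sorted(result['restore'].items()):
        print(f'{rp}: {len(files)} file(s) inside the System Restore store')
    for path, sig in result['live'].items():
        print(f'LIVE FILE SYSTEM: {path}  [{sig}]')
    print(f"{len(result['other'])} non-detection line(s) skipped")
```
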



