User Name Password Register
DaniWeb IT Discussion Community
All
What is DaniWeb IT Discussion Community?
You're currently browsing the Viruses, Spyware and other Nasties section within the Tech Talk category of DaniWeb, a massive community of 397,802 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,455 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our Viruses, Spyware and other Nasties advertiser:
Views: 848 | Replies: 3
Reply
Join Date: Aug 2006
Posts: 5
Reputation: sTyLe is an unknown quantity at this point 
Rep Power: 0
Solved Threads: 0
sTyLe sTyLe is offline Offline
Newbie Poster

Here is My New Hijackthis log

  #1  
Aug 27th, 2006
i did uinstall one of the av programs as u said and here is my new log

Logfile of HijackThis v1.99.1
Scan saved at 12:00:01, on 27.08.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\McAfee.com\VSO\mcvsshld.exe
C:\Programfiler\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\programfiler\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\sTyLe\Skrivebord\CHijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programfiler\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programfiler\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Morpheus.lnk = C:\Programfiler\Morpheus\Morpheus.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programfiler\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
AddThis Social Bookmark Button
Reply With Quote  
Join Date: Aug 2006
Posts: 5
Reputation: sTyLe is an unknown quantity at this point 
Rep Power: 0
Solved Threads: 0
sTyLe sTyLe is offline Offline
Newbie Poster

Re: Here is My New Hijackthis log

  #2  
Aug 27th, 2006
hope anybody can respawn
Reply With Quote  
Join Date: Aug 2006
Posts: 5
Reputation: sTyLe is an unknown quantity at this point 
Rep Power: 0
Solved Threads: 0
sTyLe sTyLe is offline Offline
Newbie Poster

Re: Here is My New Hijackthis log

  #3  
Aug 27th, 2006
plz can anybody here help me?
i really need to fix my prob im doing much school work on it
Reply With Quote  
Join Date: Jul 2006
Location: a few 1000 miles east of the east coast
Posts: 277
Reputation: Xpenetrator is an unknown quantity at this point 
Rep Power: 3
Solved Threads: 10
Xpenetrator Xpenetrator is offline Offline
Posting Whiz in Training

Re: Here is My New Hijackthis log

  #4  
Aug 27th, 2006
Hi sTyLe,

what I (sorry) overlooked in your first log is that you are running XP apparently without any service packs. Connecting a PC to the internet without these (and all subsequent hoftfixes) is more than "not recommended". Your IE is outdated too. Whatever you will try to remove your malware, the same or other will come back sooner or later this way: Even old and known malware can exploit all the loop holes in your system and no antivirus software can really protect you this way. I can't see a firewall either (connected via a router?). All this messes up things pretty bad - updating this system may even fail now due to the infections. (Try anyway)

The antivirus guys here (and everywhere) need much more information on what happens on your computer, which malware your AV scanners possibly reported and how the infection manifests itself in detail. What exactly is on the popup window? Is there a clue (maybe in the title bar) which program sends the window? Is it an ad?

Apart from the reference to RWNT.EXE I can't see anything unusual on the log. Together with the popups, this points to an infection which can't be removed that easy - you will have to run several tools and maybe online scans to identify them and then several steps to remove them may follow. This usually takes some days, so if you need your computer for school work, wiping and reinstalling (this time with Service Packs + hotfixes) would be probably faster and you get rid of your nasties, too.
Read in this forums how to set up your system to avoid infections.

I wish I could help you better, but maybe somebody comes with a better suggestion for you. Good luck!
Reply With Quote  
Reply

Only community members can participate in forum threads. You must register or log in to contribute.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 

DaniWeb Viruses, Spyware and other Nasties Marketplace
Thread Tools Display Modes

Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum

All times are GMT -4. The time now is 6:09 am.
Forum system based on vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC