 |  |  |  |  |  |  |  |
Here is My New Hijackthis log
 |
i did uinstall one of the av programs as u said and here is my new log
Logfile of HijackThis v1.99.1
Scan saved at 12:00:01, on 27.08.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\McAfee.com\VSO\mcvsshld.exe
C:\Programfiler\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\programfiler\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\sTyLe\Skrivebord\CHijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programfiler\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programfiler\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Morpheus.lnk = C:\Programfiler\Morpheus\Morpheus.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programfiler\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
Logfile of HijackThis v1.99.1
Scan saved at 12:00:01, on 27.08.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\McAfee.com\VSO\mcvsshld.exe
C:\Programfiler\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\programfiler\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\sTyLe\Skrivebord\CHijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programfiler\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programfiler\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Morpheus.lnk = C:\Programfiler\Morpheus\Morpheus.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programfiler\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
•
•
Join Date: Jul 2006
Posts: 277
Reputation: 
Solved Threads: 10
Posting Whiz in Training
Hi sTyLe,
what I (sorry) overlooked in your first log is that you are running XP apparently without any service packs. Connecting a PC to the internet without these (and all subsequent hoftfixes) is more than "not recommended". Your IE is outdated too. Whatever you will try to remove your malware, the same or other will come back sooner or later this way: Even old and known malware can exploit all the loop holes in your system and no antivirus software can really protect you this way. I can't see a firewall either (connected via a router?). All this messes up things pretty bad - updating this system may even fail now due to the infections. (Try anyway)
The antivirus guys here (and everywhere) need much more information on what happens on your computer, which malware your AV scanners possibly reported and how the infection manifests itself in detail. What exactly is on the popup window? Is there a clue (maybe in the title bar) which program sends the window? Is it an ad?
Apart from the reference to RWNT.EXE I can't see anything unusual on the log. Together with the popups, this points to an infection which can't be removed that easy - you will have to run several tools and maybe online scans to identify them and then several steps to remove them may follow. This usually takes some days, so if you need your computer for school work, wiping and reinstalling (this time with Service Packs + hotfixes) would be probably faster and you get rid of your nasties, too.
Read in this forums how to set up your system to avoid infections.
I wish I could help you better, but maybe somebody comes with a better suggestion for you. Good luck!
what I (sorry) overlooked in your first log is that you are running XP apparently without any service packs. Connecting a PC to the internet without these (and all subsequent hoftfixes) is more than "not recommended". Your IE is outdated too. Whatever you will try to remove your malware, the same or other will come back sooner or later this way: Even old and known malware can exploit all the loop holes in your system and no antivirus software can really protect you this way. I can't see a firewall either (connected via a router?). All this messes up things pretty bad - updating this system may even fail now due to the infections. (Try anyway)
The antivirus guys here (and everywhere) need much more information on what happens on your computer, which malware your AV scanners possibly reported and how the infection manifests itself in detail. What exactly is on the popup window? Is there a clue (maybe in the title bar) which program sends the window? Is it an ad?
Apart from the reference to RWNT.EXE I can't see anything unusual on the log. Together with the popups, this points to an infection which can't be removed that easy - you will have to run several tools and maybe online scans to identify them and then several steps to remove them may follow. This usually takes some days, so if you need your computer for school work, wiping and reinstalling (this time with Service Packs + hotfixes) would be probably faster and you get rid of your nasties, too.
Read in this forums how to set up your system to avoid infections.
I wish I could help you better, but maybe somebody comes with a better suggestion for you. Good luck!
|
Similar Threads
- Helping yourself: What to do before starting a new thread or posting a HiJackThis log (Viruses, Spyware and other Nasties)
- Help with HiJackThis log, please (Viruses, Spyware and other Nasties)
- problems with MSIESH.DLL (Viruses, Spyware and other Nasties)
- Another hijackthis log (Viruses, Spyware and other Nasties)
- hijackthis log (Viruses, Spyware and other Nasties)
- Stu's Hijackthis log file. (Viruses, Spyware and other Nasties)
- Bridge.dll error please help me here is my hijackthis log file! (Viruses, Spyware and other Nasties)
- Hijackthis log file (Viruses, Spyware and other Nasties)
- HijackThis log file (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Have Trojan Horse Please Help
- Next Thread: zlob.czc TROJAN
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cyber cybercrime cyberwarfare ddos domains education email europe exam exploit facebook fake fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting report research risk rogueantivirus samhain sans scareware search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
