0

Hi everyone. I made a post a few weeks ago about deleting everything on my hijackthis log (I know... really stupid), but this is the log from what my computer is currently running, if anyone could help me out with what I need/what I have that I don't need, I would really appreciate it.

Logfile of HijackThis v1.97.7
Scan saved at 11:28:17 PM, on 2/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\System\msadc\Help\winreg.exe
C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
C:\Documents and Settings\Jeff Rautenberg\My Documents\download\hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [NAV-AutoUp] SPOOLSRV.EXE
O4 - HKLM\..\Run: [Windows Update Agent] winupdate.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Update Agent] winupdate.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{304C4BF2-A542-4371-9FA1-8AC82751B787}: NameServer = 206.141.192.60 206.141.193.55


Thanks everyone,

-Jeff-

0

Thanks a lot, how's this look now?

Logfile of HijackThis v1.97.7
Scan saved at 6:40:50 PM, on 2/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\System\msadc\Help\winreg.exe
C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Yahoo!\browser\YBrowser.exe
C:\Documents and Settings\Jeff Rautenberg\My Documents\download\hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [NAV-AutoUp] SPOOLSRV.EXE
O4 - HKLM\..\Run: [Windows Update Agent] winupdate.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Update Agent] winupdate.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Another question that I had was that I ran an avast virus scan and it found win32:NCaseSpy [trj]. I deleted it and it didn't seem to go away. So I ran the scan again when the computer was booting up and deleted it there. I'm not sure if it is gone or if I have any other viruses. I don't know if you can tell from the hijackthis log, but if you could let me know, I'd appreciate it.

Thanks,

-Jeff-

0

Sorry, but one more thing, I ran ad-aware 6.0 personal and it found 212 items (I'm not very good w/ computers, so I have no idea what this means.) Are these files that I should delete? I didn't do anything w/ them b/c it seemed like a whole lot of files to delete. Please let me know what I should do w/ them (if anything).

Thanks again!

-Jeff-

0

That's what Ad-aware is for, removing spyware files; it is safe to remove everything it finds.

0

Alright, thanks a lot, just deleting what I thought looked weird is what got me into trouble in the first place :-) (the hijackthis log), so I thought I would actually wait this time to make sure. Does the hijackthis log look alright now though?

0

Actually, this entry [O4 - HKLM\..\Run: [Windows Update Agent] winupdate.exe] could be the result of a virus. There is a good winupdate.exe file, but it would be in the c:\windows\system folder. Do a search for the file and let me know how many you find and where they are located.

0

The search turned up winupdate.exe-0f50c4f5.pf in C:\Windows\prefetch, but that's the only file that it found. I obviously don't know much of what I'm talking about, but it does seem like winupdate.exe is causing something b/c I used to have to hit ALT+CTL+DEL and end like 10 tasks or whatever to have my computer function at a semi-normal speed. Winupdate.exe was one of those.

0

I did some looking around on the website that you (caperjack) posted on another link. I looked at all of the processes that were running when I pressed ALT+CTL+DEL and it said that svchost.exe, services.exe, lsass.exe, csrss.exe, spoolsv.exe, winlogon.exe, smss.exe, winreg.exe, and explorer.exe were all created from various viruses. That really surprised me b/c my computer seems to be running better than it used to, and if all of those processes were gone, there would be almost nothing left on the menu. Should I do something about these or just leave them there? If anyone knows the answer, please let me know. Thanks a bunch.

-Jeff-

0

You have to be careful and rely on your antivirus program for viruses, as the virus will add files that are just like actual Windows files; it just puts them in a different folder than the original!
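
The two checks raised in this thread (a startup entry that names a bare file with no folder, and a file with a Windows process name running from a different folder than the original) can be applied to a HijackThis log mechanically. The script below is an added example, not something posted by anyone in the thread; it assumes the Windows directory is C:\WINDOWS as in the posted log, the table of expected folders is the example's own, and one sample line is constructed. Its findings are entries to look at more closely, not verdicts.

```python
import ntpath
import re

# Folders where core Windows XP processes normally live (lower-case).
# Assumption of this example: Windows is installed in C:\WINDOWS.
EXPECTED_DIR = {name: r"c:\windows\system32" for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)

def command_image(cmd):
    """Return the executable part of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\path with spaces\x.exe" -arg
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]

def triage(log_text):
    """Return (rule, name, detail) tuples for entries worth a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            image = command_image(m.group("cmd"))
            if not ntpath.dirname(image):        # bare file name, no folder given
                findings.append(("autorun-without-path", m.group("name"), image))
        elif PROC_RE.match(line):                # a "Running processes" line
            folder, exe = ntpath.split(line.lower())
            if exe in EXPECTED_DIR and folder != EXPECTED_DIR[exe]:
                findings.append(("system-name-wrong-folder", exe, line))
    return findings

# Lines taken from the log posted above, except C:\WINDOWS\Help\svchost.exe,
# which is constructed here to show the wrong-folder rule firing.
SAMPLE = r"""C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Help\svchost.exe
O4 - HKLM\..\Run: [NAV-AutoUp] SPOOLSRV.EXE
O4 - HKLM\..\Run: [Windows Update Agent] winupdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Update Agent] winupdate.exe
"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```
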

0

Oh, I gotcha, well thanks a lot for all of the help.
