check my log please!

Status
Not open for further replies.
A

azkid110

Solid State Member
Messages
14
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
E:\Program Files\TGTSoft\StyleXP\StyleXP.exe
E:\Program Files\Winamp\Winamp.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\Trillian\trillian.exe
E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
E:\Documents and Settings\joe\Desktop\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [ANIWZCS2Service] E:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [STYLEXP] E:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143757113304
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4729/mcfscan.cab
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe



anything i need to take out? ot should take out?
 
Hi Azkid110 and welcome to Tech Forums,

My name is Whisperer and I will be looking at your log. Whilst I am doing a preliminary look through please post an up-to-date hijackthis log below this post, and include the full heading information as well please so that I may see the OS etc. :)

In addition please advise any symptoms or the nature of your problem, often the description helps when there is nothing showing in the log

Back shortly
 
cool thanks for wanting to help me out!
well as far as problems go i dont really have any in particular. i just want to be sure that im all good to go and get rid of stuff i wont/dont need. but my moms computer has some problems and ill get a log on that a little later. but here is my current log. thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 3:54:28 PM, on 4/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
E:\Program Files\TGTSoft\StyleXP\StyleXP.exe
E:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe
E:\Program Files\Trillian\trillian.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\Winamp\Winamp.exe
E:\Documents and Settings\joe\Desktop\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [ANIWZCS2Service] E:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [STYLEXP] E:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Realtek Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143757113304
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4729/mcfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - e:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
 
Query

Hi Azkid,

Not much wrong with the log but I need an answer to clarify one of the entries, are you using the Winamp Media player from Nullsoft?

GT
 
Hi Azkid,

1. I can find nothing suspicious in your HJT log and as you have no symptoms of problems I will conclude that you are clean. You have one orphaned entry and one entry in the BHO list that I suggest you remove. The BHO entry may well be there as a result of using Winamp, if so then disregard.

2. With all other windows closed, start your HijackThis and click on Scan
a. Click in the check-box to the left of each of the following entries, if found

• R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
• O2 - BHO: (no name) - AutorunsDisabled - (no file)

b. Select Fix Checked

3. Download the Ewido security suite here the suite is fully functional on a trial basis
  • When installing, under Additional Options REMOVE the checks on Install background guard and Install scan via context menu
  • Launch ewido, there should be a big e icon on your desktop, double-click it.
  • The program will prompt you to update; click the "OK" button. The program will now go to the main screen
  • On the left hand side of the main screen click Update and then click Start update
  • The update will start and a progress bar will show the updates being installed.
  • When the update has completed click on scanner
    • Click on Settings
    • Confirm that all check boxes are ticked
    • and scan every file is selected
    • Click OK
    • Exit ewido for now.[/list=a]

      As we will be in Safe mode for the next part of the ‘fix’ I suggest that you copy the remainder into a Notepad file and save it to your desktop for reference.

      4. Reboot your computer in Safe Mode.
      • If the computer is running, shut down Windows, and then turn off the power.
      • Wait 10 seconds, and then turn the computer on.
      • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
      • Ensure that the Safe Mode option is selected.
      • Press Enter. The computer then begins to start in Safe mode [/list=a]
        5. Run Ewido
        • Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
        • Open the programme by clicking on the large e
        • Select the Update option from the left and then Start Update on the right.
        • When the update has completed click on scanner
        • Click on Settings
        • Confirm that all check boxes are ticked
        • and scan every file is selected
        • Click OK
        • Select Complete system scan and let the program scan the machine [/list=a]
          6. If Ewido finds anything, it will pop up a notification.
          • Select remove as the action
          • Place a check Perform action with all infections."
          • Repeat the scan until there is no detected malware [/list=a]
            7. When you have a clean log result from Ewido
            • click on the Save Report button at the bottom of the screen and save the file to the desktop.
            • Exit Ewido [/list=a]
              8. Reboot to Normal mode and post
              • The Ewido log
              • A final HijackThis log (I hope)
              • An assessment of your computer [/list=a]
 
ok i scanned with ewido using your technique and luckily, after about an hour, nothing came up!

here is my log from that

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:57:04 PM, 4/14/2006
+ Report-Checksum: C2FFD6D8

+ Scan result:

No infected objects found.


::Report End

and here is my current log from hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 4:05:32 PM, on 4/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
E:\Program Files\TGTSoft\StyleXP\StyleXP.exe
E:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Winamp\Winamp.exe
E:\Documents and Settings\joe\Desktop\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] E:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [STYLEXP] E:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Realtek Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143757113304
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4729/mcfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - e:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe



ok but im still not happy, because when i scan with Xoftspy it shows me

vendor: IBIS/Hunt Toolbar
catagory: data minor
object type: Registry key
danger: high threat
location: software/folder manager

and i gotta pay 20 bucks to register to be able to get this removed.

do you have any recomendations on how to get this off my computer? or should i just not worry about it?

thanks again,
Joe
 
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
    [*] Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
    [*] Click on see report. Then click Save report
Please post that log in your next reply.

IBIS/Hunt Toolbar that Xoftspy is picking up is an old registry entry. Lets see if Panda will ID the old key. If not...we will have to go the long route...

If Panda picks it up...you'll need to search the registry for the offender. Use the list on this site and delete the keys if found.

http://www.pctoday.com/editorial/ar...es/2005/w1602/38w03.asp&ArticleID=25531&guid=
 
actually, nevermind my dad deleted the registery for me, it was from a screensaver and i did a couple more scans, and found nothing. so i am happy with my computer!

thanks for your help you guys!
 
Few more items to address so this won't happen again.....

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few more items to address so please follow the instructions below.


Reset hidden/system files and folders

Windows XP
===============
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 2000
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Select the Advanced settings box option.
  • Select the Hidden files Folders.
  • Deselect the Show all files option.
  • Click Yes to confirm.
  • Click OK.

Windows ME
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 95/98/98SE
===============
  • Open My Computer.
  • Select the View
  • Select the Folder Options option.
  • Select the View tab. option.
  • Select the Advance Advanced settings box option.
  • Select the Hidden files folder.
  • Deselect the Show all files option
  • Click Apply to confirm.
  • Click OK.



Create a new System Restore point

Windows XP
===============
  • Click Start >> Run - type SYSDM.CPL & press Enter
  • Select the System Restore Tab
  • Tick on the checkbox - "Turn off System Restore on all drives"
  • Click Apply
  • Then untick the same checkbox & click OK
  • This deletes ALL restore points that had the infection and creates a clean one

Windows ME
===============
  • Click the Start tab.
  • Select the Settings option.
  • Select the Control Panel option.
  • Double Click the System icon Performance tab option.
  • Select File System
  • Select the Troubleshooting tab
  • Check the Disable System Restore box
  • Click Apply to confirm.
  • Click OK.

Reboot the PC and repeat the above procedure again
When you get to this option
  • Uncheck the Disable System Restore box

For Windows ME..we MUST create a new restore point now as Windows ME will not create one automatically until the computer has been on for 10 hours or 24 hours has passed. To create a new restore point follow the procedure below.

  • Click the Start button.
  • Point to Programs, point to Accessories, point to System Tools, and then click System Restore.
  • Choose Create a restore point, and then click Next.
  • In the Restore point description box, type a name for your restore point, and then click Next.
    Click OK



Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • Tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Please visit Microsoft's Window's Update Page and install the latest service packs, patchÂ’s and security updates for your system.


Recommended Protection Programs

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
  • WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here are 4 free ones available for personal use:


In todayÂ’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use:




In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
Please stay safe out there and take the helpful advice thatÂ’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place.
 
Status
Not open for further replies.

Similar threads

XWrench3
hijack this scan
Replies
6
Views
2K
XWrench3
XWrench3
G
Computer slow and work in background
Replies
0
Views
3K
grecycle99
G
N
Laptop slowing down in function (internet and general apps)
Replies
1
Views
3K
Trotter
Trotter
C
please check
Replies
2
Views
3K
chublake
C
C
Moms laptop running slow Please check
Replies
4
Views
4K
chublake
C
Back
Top Bottom