Help I think I have a trojan conhooker virus and I cant get rid of it

sparky322 (Newbie), 18. January 2008 @ 16:08
Here is the ComboFix log:

ComboFix 08-01-18.1 - Owner 2008-01-19 15:51:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.129 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\NeroCheck .exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\byvtu.dll .bad
C:\VundoFix Backups\chjufjuc.ini.bad
C:\VundoFix Backups\drgjjhtr.ini.bad
C:\VundoFix Backups\ttxdtgxl.ini.bad

.
((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.

2008-01-18 20:11 . 2008-01-18 20:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-18 20:11 . 2008-01-18 20:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-17 16:44 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 17:43 . 2008-01-15 17:43 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-15 16:59 . 2008-01-16 16:30 1,625,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-15 16:59 . 2008-01-16 16:30 39,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-15 16:59 . 2008-01-16 16:30 22,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-15 16:59 . 2008-01-16 16:30 4,796 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-15 16:53 . 2008-01-15 16:53 <DIR> d-------- C:\KAV
2008-01-15 16:43 . 2008-01-15 16:43 <DIR> d-------- C:\Program Files\CCleaner
2008-01-12 15:47 . 2008-01-16 16:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-01-12 15:44 . 2008-01-12 15:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-12 15:44 . 2008-01-12 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 15:44 . 2008-01-12 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-12 15:23 . 2008-01-16 20:08 <DIR> d-------- C:\HijackThis
2008-01-12 13:23 . 2008-01-12 13:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-12 13:01 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-12 13:00 . 2008-01-12 13:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-01-12 11:35 . 2008-01-12 11:35 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-12 11:35 . 2008-01-12 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-12 11:34 . 2008-01-12 11:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-04 04:50 . 2008-01-04 04:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\TrojanHunter
2008-01-03 19:34 . 2008-01-05 13:07 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-01-02 23:25 . 2008-01-19 15:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-02 23:25 . 2008-01-02 23:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-01-02 23:25 . 2008-01-02 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-02 21:55 . 2008-01-19 15:51 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-02 21:55 . 2008-01-03 16:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-02 21:55 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-02 21:52 . 2008-01-02 23:19 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-01-02 21:35 . 2008-01-09 15:44 13,312 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-02 21:35 . 2008-01-09 15:44 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-26 15:55 . 2008-01-09 15:43 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-24 12:59 . 2008-01-19 15:51 <DIR> d-------- C:\Program Files\iTunes
2007-12-24 12:59 . 2007-12-24 12:59 <DIR> d-------- C:\Program Files\iPod
2007-12-24 12:52 . 2008-01-19 15:51 <DIR> d-------- C:\Program Files\QuickTime
2007-12-24 12:47 . 2007-12-24 12:47 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-24 12:47 . 2007-12-24 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-24 11:39 . 2007-12-24 11:39 <DIR> d-------- C:\Documents and Settings\Katie\Application Data\Apple Computer
2007-12-24 11:35 . 2004-06-23 13:39 <DIR> d--h----- C:\Documents and Settings\Katie\WLANProfiles
2007-12-24 11:35 . 2004-06-23 13:17 <DIR> d-------- C:\Documents and Settings\Katie\Application Data\Symantec
2007-12-24 11:35 . 2004-06-23 14:18 <DIR> d-------- C:\Documents and Settings\Katie\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 20:51 --------- d-----w C:\Program Files\SymNetDrv
2008-01-19 20:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-17 01:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-16 01:05 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2008-01-13 05:39 --------- d-----w C:\Program Files\Yahoo!
2008-01-12 16:42 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-12 16:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-12-04 22:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2007-12-02 03:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
.

((((((((((((((((((((((((((((( snapshot@2008-01-18_16.54.26.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 21:44:49 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-19 20:51:10 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-17 21:44:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-19 20:51:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 21:44:49 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-19 20:51:11 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-17 21:44:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-19 20:51:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-17 21:44:50 3,612,672 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-19 20:51:12 3,665,920 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-17 21:44:50 204,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-19 20:51:13 204,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-17 21:44:59 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-19 20:51:23 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2008-01-09 15:44 13312]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-04 17:45 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-04 17:44 71280]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-09 15:43 155648]
"PRONoMgr.exe"="C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2008-01-09 15:43 86016]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2008-01-04 17:44 53248]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-04 17:45 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-12 12:42 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-12 15:44 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 2003-12-16 18:49 110592 C:\WINDOWS\system32\LgNotify.dll

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\System32\DRIVERS\rmedia.sys [2003-10-20 21:09]
R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\System32\DRIVERS\sonyhcb.sys [2001-11-05 09:23]
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\System32\DRIVERS\sonyhcs.sys [2001-11-05 09:23]

.
Contents of the 'Scheduled Tasks' folder
"2007-03-23 11:17:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-19 01:08:17 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-01-03 02:52:41 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2006-12-10 00:51:18 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 15:53:29
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-19 15:54:01
ComboFix-quarantined-files.txt 2008-01-19 20:53:45
ComboFix2.txt 2008-01-18 21:56:43


And here is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:45 PM, on 1/19/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\System32\1XConfig.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HijackThis\Not Hijack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 5958 bytes
Thanks again for the help, let me know what else I need to do.

Senior Member, 18. January 2008 @ 21:20
Fix this entry with HijackThis:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

Since the Vundo had infected some programs, they need to be reinstalled. Uninstall the following programs:

iTunes
SUPERAntiSpyware
Spyware Doctor
MUSICMATCH
QuickTime
Java (all versions and updates)
Norton Antivirus

Download and run the Norton Removal Tool. You can get it here.

Restart.
Reinstall iTunes, SUPERAntiSpyware, MUSICMATCH and QuickTime.

Download and install Java Runtime Environment 6 Update 4 from here.

Rename Not Hijack.exe back to HijackThis.exe
Run a new scan and post the fresh log.

You also need to update Windows to Service Pack 2, but I want to make sure the problems are completely gone before we update.
How are things acting? Still getting popups?
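
The entry the reply above says to fix points at "qttask .exe", and the FILE section of the ComboFix log earlier in the thread lists "ctfmon .exe" and "NeroCheck .exe": in each case a space sits before the extension, so an impostor file lives beside the real program under a near-identical name. The checker below is an added example, not code from the thread, HijackThis or ComboFix; `parse_o4`, `flag_entries` and the sample lines (copied from the logs posted above) are all constructed for this illustration. It parses Run-key O4 lines, flags that spacing pattern, and cross-checks each target against the paths ComboFix already removed.

```python
import ntpath
import re

# Sample input constructed from O4 lines posted in this thread; nothing is read from a live system.
HJT_LINES = [
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime',
    r'O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe',
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe',
    r'O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe',
]

# The two paths listed under FILE in the ComboFix log above, i.e. files ComboFix removed.
COMBOFIX_DELETED = [
    r'C:\WINDOWS\system32\ctfmon .exe',
    r'C:\WINDOWS\system32\NeroCheck .exe',
]

REASON_SPACE = 'space before extension'
REASON_REMOVED = 'an impostor with this name was removed by ComboFix; verify the remaining file'

# Run-key form only: "O4 - <hive>\..\Run: [<name>] <command>". Global Startup lines return None.
O4_RUN_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Target executable: optionally quoted, cut at the first program extension so arguments drop off.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|scr|bat))"?', re.IGNORECASE)


def parse_o4(line):
    """Return (hive, name, path) for a Run-key O4 line, or None for other O4 forms."""
    m = O4_RUN_RE.match(line)
    if not m:
        return None
    e = EXE_RE.match(m.group('cmd').strip())
    if not e:
        return None
    return m.group('hive'), m.group('name'), e.group('path')


def space_before_extension(path):
    """True when the file name carries whitespace right before its extension ('qttask .exe')."""
    return re.search(r'\S\s+\.[A-Za-z0-9]+$', ntpath.basename(path)) is not None


def normalize_name(path):
    """Lower-cased file name with the spacing trick undone, so an impostor maps to the name it mimics."""
    return re.sub(r'\s+', '', ntpath.basename(path)).lower()


def flag_entries(hjt_lines, combofix_deleted=()):
    """One finding per Run entry that shows the spacing trick or names a file ComboFix already removed."""
    removed = {normalize_name(p) for p in combofix_deleted}
    findings = []
    for line in hjt_lines:
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, name, path = parsed
        reasons = []
        if space_before_extension(path):
            reasons.append(REASON_SPACE)
        if normalize_name(path) in removed:
            reasons.append(REASON_REMOVED)
        if reasons:
            findings.append({'hive': hive, 'name': name, 'path': path, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in flag_entries(HJT_LINES, COMBOFIX_DELETED):
        print(f"{f['hive']} [{f['name']}] {f['path']}: {'; '.join(f['reasons'])}")
```

Run against the sample lines it reports the QuickTime entry for the spacing trick and the NeroFilterCheck and ctfmon entries because their names match files ComboFix removed, which is why the reply asks for those programs to be reinstalled rather than trusting what is left on disk.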

sparky322 (Newbie), 18. January 2008 @ 21:40
Not getting any more pop-ups since we were able to manually delete that one file, so that is good. I was wondering, however, if I uninstall iTunes, will that cause me to have to set up all the music on it again? I know it might sound minuscule, but that thing is a pain in the ass. Well, just wanted to ask before I went and did that. Thanks again for all the help.
Senior Member, 18. January 2008 @ 22:53
Yes, all your music in the iTunes library would be gone. Instead of a clean install, do not uninstall first, just reinstall. Your music should be saved that way.

sparky322 (Newbie), 19. January 2008 @ 13:27
Ok, I followed your instructions and reinstalled the things you said. I just reinstalled iTunes and I didn't lose my library (thanks for that). Here is the latest logfile. I had a question about that Yahoo Pager line with -quiet at the end of it, what's that (O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet)? I don't have Yahoo Messenger anymore and was wondering if it was something bad. Thanks again for everything, you've been a real help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:51 PM, on 1/20/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\HijackThis\HijackThis.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 4959 bytes
Senior Member, 19. January 2008 @ 14:24
Great job, your log is clean now. :)

As for the entry you asked about, it's Yahoo's startup entry. It's legit. You said you don't have Yahoo! Messenger any more, so go ahead and fix that entry with HijackThis.

You can also fix the following entries. They are not needed at startup and can be started manually when needed.

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

Then, go here to download and install Service Pack 2. This is very important! There are many needed security updates in Service Pack 2.

You also need to update to Internet Explorer 7, again for security purposes. You can get it here.

I also recommend getting a firewall. The Windows firewall can only block incoming connections, not outgoing.

Here are a few free firewalls.
Zone Alarm Free
Agnitum Outpost Firewall
Kerio Personal Firewall

You're welcome. I'm glad I could help.
If you have any more questions feel free to ask.
