
Thread: HJTlog and the ISP ads

  1. #1

    HJTlog and the ISP ads

    hi all
    am using firefox Version 0.10.0.0

    pls i need ur help about HJTlog
    Logfile of HijackThis v1.98.2
    Scan saved at 3:08:39 AM, on 9/25/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HJT\HijackThis.exe

    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B75FFAE9-5687-4222-A74F-B751F221F117}: NameServer = ***.**.**.19 ***.**.**.20

    after searching Google I found many pages about (O17 - Domain hijack), but the two IPs
    belong to the ISP and sometimes I get from the ISP and it's not blocked by the browser.
    any advice/notice will be appreciated
    coolcamel

  2. #2
    Senior Member, Join Date: Feb 2004, Posts: 201
    Just the presence of an O17 line does not indicate malware. Most of them are benign.


    Your Operating System and Internet Explorer need patching! Please visit http://windowsupdate.microsoft.com and download all of the critical service packs and updates. I wouldn't recommend SP2 quite yet though.

    Other than that I don't see anything too obvious in your log. What problem are you having, exactly? And please include your whole log. It looks like pieces are missing.

    Also, I would recommend doing the following if you have not already:

    Please download, update and run (one at a time of course!) Spybot Search & Destroy v1.3 and Ad-aware SE v1.05. Fix whatever they suggest.

    Please download, update and run the A2 (A squared) anti-trojan. You can download it free at http://www.emsisoft.com/en/software/free/ . Let it fix whatever it wants to.

    Also, run this pc through the Panda Scan Online virus scanner.

  3. #3
    lol.. meeeeeee..

    do you expect coolcamel to follow all of your advice when you see this in the sig ?

    > No update...
    > No scanning online ....
    and when I see such a short log as that, I begin to wonder if the person hasn't disabled things via msconfig.

  4. #4
    Senior Member, Join Date: Feb 2004, Posts: 201
    hmmm.. I must confess I skipped the sig part.... and I do believe you may be right about the msconfig thing....

    Just like old times.. your eyes are sharper than mine!

    :P

  5. #5
    oh.. but your senses are clearer than mine..

    even when you're getting kicked around by the little one. (hehe)

  6. #6
    hi

    here is the logfile after getting everything from the backup
    ------------------
    Logfile of HijackThis v1.98.2
    Scan saved at 11:18:48 PM, on 9/26/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.****.net.sa:8080
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O8 - Extra context menu item: & Export to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B75FFAE9-5687-4222-A74F-B751F221F117}: NameServer = ***.**.**.19 ***.**.**.20
    ========
    here is the Ad-Aware SE Personal logfile
    Ad-Aware SE Build 1.04
    Logfile Created on:Friday, September 24, 2004 5:30:32 AM
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R8 13.09.2004
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Enigma.SpyHunter(TAC index:4):18 total references
    MRU List(TAC index:0):31 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    9-24-2004 5:30:32 AM - Scan started. (Smart mode)

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 360
    ThreadCreationTime : 9-23-2004 10:53:19 PM
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 420
    ThreadCreationTime : 9-23-2004 10:53:22 PM
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 444
    ThreadCreationTime : 9-23-2004 10:53:24 PM
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 488
    ThreadCreationTime : 9-23-2004 10:53:26 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 500
    ThreadCreationTime : 9-23-2004 10:53:26 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 656
    ThreadCreationTime : 9-23-2004 10:53:29 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 700
    ThreadCreationTime : 9-23-2004 10:53:29 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [smc.exe]
    FilePath : C:\Program Files\Sygate\SPF\
    ProcessID : 760
    ThreadCreationTime : 9-23-2004 10:53:31 PM
    BasePriority : Normal
    FileVersion : 5.5.00.2710
    ProductVersion : 5.5.00.2710
    ProductName : Sygate® Security Agent and Personal Firewall
    CompanyName : Sygate Technologies, Inc.
    FileDescription : Sygate Agent Firewall
    InternalName : Smc
    LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
    OriginalFilename : Smc.EXE

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 844
    ThreadCreationTime : 9-23-2004 10:53:40 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1020
    ThreadCreationTime : 9-23-2004 10:53:45 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:11 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1328
    ThreadCreationTime : 9-23-2004 10:54:01 PM
    BasePriority : Normal
    FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
    ProductVersion : 6.00.2600.0000
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:12 [winpatrol.exe]
    FilePath : C:\PROGRA~1\BILLPS~1\WINPAT~1\
    ProcessID : 1376
    ThreadCreationTime : 9-23-2004 10:54:07 PM
    BasePriority : Normal
    FileVersion : 7, 0, 1, 0
    ProductVersion : 7.0.1.0
    ProductName : WinPatrol
    CompanyName : BillP Studios
    FileDescription : WinPatrol By BillP Studios
    InternalName : WinPatrol
    LegalCopyright : Copyright © 1997- 2004 BillP Studios
    OriginalFilename : Scotty
    Comments : Let Scotty the Windows Watchdog patrol your system.

    #:13 [realsched.exe]
    FilePath : C:\Program Files\Common Files\Real\Update_OB\
    ProcessID : 1408
    ThreadCreationTime : 9-23-2004 10:54:08 PM
    BasePriority : Normal
    FileVersion : 0.1.0.3034
    ProductVersion : 0.1.0.3034
    ProductName : RealPlayer (32-bit)
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
    LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
    OriginalFilename : realsched.exe

    #:14 [ctfmon.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1440
    ThreadCreationTime : 9-23-2004 10:54:09 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : CTFMON.EXE

    #:15 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 1300
    ThreadCreationTime : 9-24-2004 2:19:42 AM
    BasePriority : Normal
    FileVersion : 6.2.0.200
    ProductVersion : VI.Second Edition
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    #:16 [realplay.exe]
    FilePath : C:\Program Files\Real\RealPlayer\
    ProcessID : 240
    ThreadCreationTime : 9-24-2004 2:30:10 AM
    BasePriority : Idle
    FileVersion : 6.0.12.880
    ProductVersion : 6.0.12.880
    ProductName : RealPlayer (32-bit)
    CompanyName : RealNetworks, Inc.
    FileDescription : RealPlayer
    InternalName : REALPLAY
    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
    LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
    OriginalFilename : REALPLAY.EXE

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Enigma.SpyHunter Object Recognized!
    Type : RegValue
    Data : C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe
    Category : Data Miner
    Comment : "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe"
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\windows\currentversion\shareddlls
    Value : C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 1
    Objects found so far: 1


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Enigma.SpyHunter Object Recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment : "SpyHunter"
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Run
    Value : SpyHunter

    Enigma.SpyHunter Object Recognized!
    Type : File
    Data : spyhunter.exe
    Category : Data Miner
    Comment :
    Object : c:\program files\enigma software group\spyhunter\
    FileVersion : 1.01.0029
    ProductVersion : 1.01.0029
    ProductName : SpyHunter
    CompanyName : Enigma Software Group Inc.
    FileDescription : Application Created e-SendersSystem
    InternalName : SpyHunter
    LegalCopyright : 2003
    LegalTrademarks : ESGI
    OriginalFilename : SpyHunter.exe


    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 1
    Objects found so far: 3


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 3



    Deep scanning and examining files...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\WINDOWS
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 3

    Disk Scan Result for C:\WINDOWS\System32
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 3

    Disk Scan Result for C:\DOCUME~1\admas\LOCALS~1\Temp\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 3


    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 3



    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\nico mak computing\winzip\filemenu
    Description : winzip recently used archives


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
    Description : list of files recently opened using microsoft paint


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\windows\currentversion\explorer\runmru
    Description : mru list for items opened in start | run


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\search assistant\acmru
    Description : list of recent search terms used with the search assistant


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according to file extension


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description : list of recent programs opened


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\windows\currentversion\explorer\recentdocs
    Description : list of recent documents opened


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\office\10.0\common\open find\microsoft document imaging\settings\save as\file name mru
    Description : list of recent files saved by microsoft document imaging


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\office\10.0\excel\recent files
    Description : list of recent files used by microsoft excel


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\realnetworks\realplayer\6.0\preferences
    Description : list of recent skins in realplayer


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\internet explorer
    Description : last download directory used in microsoft internet explorer


    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\microsoft management console\recent file list
    Description : list of recent snap-ins used in the microsoft management console


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
    Description : list of recently used files in adobe reader


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\realnetworks\realplayer\6.0\preferences
    Description : list of recent clips in realplayer


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\windows\currentversion\applets\regedit
    Description : last key accessed using the microsoft registry editor


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
    Description : list of recently used webs in microsoft frontpage


    MRU List Object Recognized!
    Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\realnetworks\realplayer\6.0\preferences
    Description : last login time in realplayer


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
    Description : list of recently used files in microsoft frontpage


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X


    MRU List Object Recognized!
    Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    MRU List Object Recognized!
    Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    MRU List Object Recognized!
    Location: : S-1-5-21-484763869-1935655697-842925246-1003\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    MRU List Object Recognized!
    Location: : C:\Documents and Settings\admas\Application Data\microsoft\office\recent
    Description : list of recently opened documents using microsoft office


    MRU List Object Recognized!
    Location: : C:\Documents and Settings\admas\recent
    Description : list of recently opened documents



    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Enigma.SpyHunter Object Recognized!
    Type : Regkey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\spyhunter

    Enigma.SpyHunter Object Recognized!
    Type : Regkey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\spyhunterconfig

    Enigma.SpyHunter Object Recognized!
    Type : Folder
    Category : Data Miner
    Comment :
    Object : C:\Program Files\enigma software group\SpyHunter

    Enigma.SpyHunter Object Recognized!
    Type : Folder
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\admas\..\all users\start menu\programs\SpyHunter

    Enigma.SpyHunter Object Recognized!
    Type : File
    Data : def.dat
    Category : Data Miner
    Comment :
    Object : C:\Program Files\enigma software group\spyhunter\



    Enigma.SpyHunter Object Recognized!
    Type : File
    Data : help.rtf
    Category : Data Miner
    Comment :
    Object : C:\Program Files\enigma software group\spyhunter\



    Enigma.SpyHunter Object Recognized!
    Type : File
    Data : INSTALL.LOG
    Category : Data Miner
    Comment :
    Object : C:\Program Files\enigma software group\spyhunter\



    Enigma.SpyHunter Object Recognized!
    Type : File
    Data : install.sss
    Category : Data Miner
    Comment :
    Object : C:\Program Files\enigma software group\spyhunter\



    Enigma.SpyHunter Object Recognized!
    Type : File
    Data : PSAPI.DLL
    Category : Data Miner
    Comment :
    Object : C:\Program Files\enigma software group\spyhunter\
    FileVersion : 4.00
    ProductVersion : 4.00
    ProductName : Microsoft(R) Windows NT(TM) Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Process Status Helper
    InternalName : PSAPI
    LegalCopyright : Copyright (C) Microsoft Corp. 1981-1996
    OriginalFilename : PSAPI


    Enigma.SpyHunter Object Recognized!
    Type : File
    Data : settings.ini
    Category : Data Miner
    Comment :
    Object : C:\Program Files\enigma software group\spyhunter\



    Enigma.SpyHunter Object Recognized!
    Type : File
    Data : Uninstall.exe
    Category : Data Miner
    Comment :
    Object : C:\Program Files\enigma software group\spyhunter\



    Enigma.SpyHunter Object Recognized!
    Type : File
    Data : Spyhunter.lnk
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\admas\..\all users\desktop\



    Enigma.SpyHunter Object Recognized!
    Type : File
    Data : SpyHunter.lnk
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\admas\..\all users\start menu\programs\spyhunter\



    Enigma.SpyHunter Object Recognized!
    Type : File
    Data : Uninstall or Repair SpyHunter.lnk
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\admas\..\all users\start menu\programs\spyhunter\



    Enigma.SpyHunter Object Recognized!
    Type : File
    Data : Spyhunter.lnk
    Category : Data Miner
    Comment :
    Object : C:\Documents and Settings\admas\..\all users\start menu\



    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 15
    Objects found so far: 49

    5:49:22 AM Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:18:49.945
    Objects scanned:48681
    Objects identified:18
    Objects ignored:0
    New critical objects:18
    I have Kaspersky AV, it's up to date and detects nothing; also I run Spybot Search & Destroy v1.3,
    no threats were found.
    Do I still need online scanning from Panda Scan with installed Kaspersky AV up to date?
    ===
    helplesslyhopin, I don't know what makes you think my sig refers to WIN updating ???.!!!!
    it's not, it's about something else.
    my Win is not up to date because every time I try the update I lose the connection, you know it's DUN.
    thanks people.
    coolcamel

  7. #7
    AFLAAACKKK!!
    Join Date: Apr 2004, Posts: 1,066
    Well, tell us this, are you having problems with your computer's performance? Other than that one thing in the log, why do you suggest that you're infected?

    And yes, I highly recommend you run the online scan, not only from Panda, but from Trend Micro's HouseCall as well.
    I am the uber duck!!1
    Proxy Tools

  8. #8
    hi all

    I thought I was infected because of these strange path files
    \SystemRoot\System32\smss.exe
    \??\C:\WINDOWS\system32\csrss.exe

    \??\C:\WINDOWS\system32\winlogon.exe
    and
    O17 domain hijack
    but after the replies and online scanning I am sure now everything is okay.
    thanks for your expansive time people.
    coolcamel.

  9. #9
    Senior Member, Join Date: Feb 2004, Posts: 201
    Your log looks fine except for these 2 pieces of garbage:

    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    from http://www.download.com/3000-2144-10209093.html
    The demo version only searches--you'll have to opt for the $30 license to remove anything. The program returned several warnings in our tests. In an attempt to verify SpyHunter's findings, we ran three adware-removal tools to compare results. Oddly, none of the other programs found the infections SpyHunter found. In addition, our browser settings had not been hijacked, nor were we being served unwanted ads. Taking into account SpyHunter's questionable results, limited demo, and steep price tag, we recommend users look elsewhere for an adware-removal tool.
    O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
    from http://www.spywarewarrior.com/rogue_anti-spyware.htm
    "aggressive, deceptive advertising ...... questionable license terms; false positives work as goad to purchase ........exploits name "spybot" ........Ad-aware knockoff"
    The filenames you listed are fine. google on them for more info.
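
The triage the replies in this thread perform by eye, as an added example (not code from any poster and not part of HijackThis): it parses R1/O4/O17 lines, compares O17 `NameServer` addresses with resolvers the analyst has confirmed with the ISP, and maps the `\??\` and `\SystemRoot\` path forms to ordinary drive-letter paths. The function names, the `review_run_names` list and the documentation-range addresses standing in for the masked values are assumptions.

```python
import ipaddress
import re

# Constructed sample modelled on the entries quoted in the thread. The page masks
# the resolver and proxy values, so placeholder values stand in for them here.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.net:8080
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O17 - HKLM\System\CCS\Services\Tcpip\..\{B75FFAE9-5687-4222-A74F-B751F221F117}: NameServer = 192.0.2.19 192.0.2.20
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
O17_RE = re.compile(r"^(.+?): (\w+) = (.+)$")


def parse_entries(log_text):
    """Return a (code, body) tuple for every HijackThis result line in the text."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]


def normalize_nt_path(path, system_root=r"C:\WINDOWS"):
    r"""Map NT object-manager path forms to the familiar drive-letter form.

    '\??\' is the DOS-device namespace prefix and '\SystemRoot' links to the
    Windows directory, so both spell ordinary file locations.
    """
    if path.startswith("\\??\\"):
        return path[4:]
    if path.lower().startswith("\\systemroot\\"):
        return system_root + path[len("\\SystemRoot"):]
    return path


def triage(log_text, known_resolvers, review_run_names=()):
    """Classify R1/O4/O17 lines; return a list of (code, verdict, detail) tuples.

    known_resolvers: addresses the analyst has confirmed with the ISP or admin.
    review_run_names: autostart value names the analyst wants called out.
    """
    known = {ipaddress.ip_address(a) for a in known_resolvers}
    review = {n.lower() for n in review_run_names}
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O17":
            m = O17_RE.match(body)
            if not m or m.group(2) != "NameServer":
                findings.append((code, "review", body))
                continue
            # The value is a space- or comma-separated list of resolver addresses.
            for token in re.split(r"[ ,]+", m.group(3).strip()):
                try:
                    addr = ipaddress.ip_address(token)
                except ValueError:
                    # Masked or malformed values cannot be checked, so surface them.
                    findings.append((code, "review", f"unparseable resolver {token!r}"))
                    continue
                findings.append((code, "expected" if addr in known else "review", str(addr)))
        elif code == "O4":
            m = RUN_RE.match(body)
            if not m:
                findings.append((code, "review", body))
                continue
            name = m.group(3)
            findings.append((code, "review" if name.lower() in review else "listed", name))
        elif code == "R1" and "ProxyServer" in body:
            # A proxy setting redirects browser traffic; confirm it is the ISP's.
            findings.append((code, "review", body.split("=", 1)[1].strip()))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, ["192.0.2.19", "192.0.2.20"], ["SpyHunter", "XoftSpy"]):
        print(finding)
    print(normalize_nt_path(r"\??\C:\WINDOWS\system32\csrss.exe"))
```

An O17 address marked `expected` matches the confirmed list only; an address outside that list is marked for review, not declared malicious.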

