tal ormanda Posted January 5, 2009 Share Posted January 5, 2009 My friend is having virus trouble and I got him to get this log can any of you check it out? Thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:44:02 PM, on 1/04/09Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\SearchIndexer.exeC:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\taskmgr.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet ExplorerR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplashO4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161123606578O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161123951281O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exeO23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe--End of file - 6096 bytes Link to comment Share on other sites More sharing options...
Yzöwl Posted January 5, 2009 Share Posted January 5, 2009 You need to get them to remove these:O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"Both of them! Link to comment Share on other sites More sharing options...
Tarun Posted January 5, 2009 Share Posted January 5, 2009 Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. After that, please repost a HijackThis log. Link to comment Share on other sites More sharing options...
tal ormanda Posted January 5, 2009 Author Share Posted January 5, 2009 (edited) I take it the links you posted on there are already them? I'll tell him to do this.See I have heard bad things about using Ccleaner from other people saying even if I don't use the registry cleaner and just clean temporary files with it, that it could still break my computer? What's the real deal here? Is that safe to use? Edited January 5, 2009 by tal ormanda Link to comment Share on other sites More sharing options...
beats Posted January 5, 2009 Share Posted January 5, 2009 See I have heard bad things about using Ccleaner from other people saying even if I don't use the registry cleaner and just clean temporary files with it, that it could still break my computer? What's the real deal here? Is that safe to use?I've been using CCleaner - including the registry clean part - since day one on many systems. Never had a single issue with it. Link to comment Share on other sites More sharing options...
tal ormanda Posted January 5, 2009 Author Share Posted January 5, 2009 I see on http://wiki.lunarsoft.net/wiki/PC_Cleanup it says The following items should not be checked. * "Memory Dumps" * "Windows Log Files" * "Old Prefetch Data" * "Hotfix Uninstallers" As long as I have those unchecked this program is fine to use? Link to comment Share on other sites More sharing options...
beats Posted January 5, 2009 Share Posted January 5, 2009 (edited) No, just leave the prefetch* stuff alone. It's disabled by default in recent versions of CCleaner. The other stuff is save to delete.*Prefetch cleaning was based on some optimizing myth. Edited January 5, 2009 by beats Link to comment Share on other sites More sharing options...
Tarun Posted January 5, 2009 Share Posted January 5, 2009 I see on http://wiki.lunarsoft.net/wiki/PC_Cleanup it says The following items should not be checked. * "Memory Dumps" * "Windows Log Files" * "Old Prefetch Data" * "Hotfix Uninstallers" As long as I have those unchecked this program is fine to use?That is correct. Each item listed has a detailed explanation as to why you should not apply a check to those. Link to comment Share on other sites More sharing options...
tal ormanda Posted January 6, 2009 Author Share Posted January 6, 2009 Well the virus or whatever it was really messed up his PC. He doesn't have the install disc so I gave him Linux (Ubuntu) and he likes that and is happy. Thanks everyone! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now