  anyone knows how to read this hijack this log 
 
8o8 Dec 26, 2007, 03:53am EST
Here's the story: a couple of days ago my comp got infected with some kind of agent, so I ran avast and it killed or healed the infected files. But since then, once in a while the desktop panel disappears and reappears; it's like xplorer.exe is restarting, and whatever I'm doing gets restarted as well. Well, here is the log; maybe someone can look at it and tell me if the agent is gone.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:07 PM, on 12/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMConfig.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMProcess.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iolo\System Mechanic 6\SysMech6.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\isaiah\Desktop\Core Temp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\temp\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=explorer.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SystemGuardAlerter] SystemGuardAlerter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4268 bytes


cpu-intel core i7 2600k oc 4.5ghz 1.28v
cpu cooler- corsair h50
mobo-asus sabertooth p67
ram-some generic kingston lol
psu corsair 600watt
video card- pny gtx460
case- thermaltake v9
8o8 Dec 26, 2007, 06:18pm EST
>> Re: anyone knows how to read this hijack this log
bump

CrAsHnBuRnXp Dec 26, 2007, 07:53pm EST
>> Re: anyone knows how to read this hijack this log
Everything looks good. Though, I am skeptical about this:

O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe


But since it says System Mechanic 6, I doubt it's anything harmful as I have heard of the program.

I say you're fine.

Hijack This! is more or less for spyware.
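
Added example, not part of any post in this thread: a Python script that splits a HijackThis v2 log into its running-process list and its coded entries, then lists the O23 service lines reported as "Unknown owner" (the kind of line questioned above) and checks whether each binary also appears under "Running processes". The function names are assumptions made for this example; the sample is an excerpt of the log posted above.

```python
import re
from collections import defaultdict

# Excerpt of the log posted in this thread, trimmed to a few lines for the example.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe

F2 - REG:system.ini: Shell=explorer.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
"""

# An entry line is a section code (R0, F2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_log(text):
    """Split a HijackThis log into running processes and entries keyed by section code."""
    processes, entries, in_procs = set(), defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, entries

def unknown_owner_services(text):
    """Return (service name, binary path, running?) for O23 lines reported as 'Unknown owner'."""
    processes, entries = parse_log(text)
    flagged = []
    for body in entries["O23"]:
        # Layout: "Service: <name> - <owner> - <path>"; split from the right so
        # a " - " inside the display name does not shift the fields.
        parts = body.removeprefix("Service: ").rsplit(" - ", 2)
        if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
            name, _, path = parts
            flagged.append((name, path, path.lower() in processes))
    return flagged

if __name__ == "__main__":
    for name, path, running in unknown_owner_services(SAMPLE_LOG):
        print(f"verify publisher: {name} -> {path} (running: {running})")
```

Each flagged path is a candidate for a manual check of the file's publisher and location, not a verdict that the file is malicious.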

8o8 Dec 27, 2007, 05:04am EST
>> Re: anyone knows how to read this hijack this log
Thanks for the reply. I got rid of that agent I had, then I scanned my computer with pc tools and I got this:

trojan virtumonde
trojan downloader.vb.axa
adaware.adsponser
adware.maxifiles

I can't get rid of any of those.

I've tried disabling system restore, then booting into safe mode and scanning with avast, which got nothing. Spybot Search and Destroy got some stuff; I just clicked on delete. I also tried this vurmondo remover thing that claims it removed it, but when I booted into normal mode and scanned with pc tools it still showed those 2 trojans and 2 adware.

Meats_Of_Evil Dec 27, 2007, 03:54pm EST
>> Re: anyone knows how to read this hijack this log
Admins, you should put these sites on a sticky. They're HijackThis analyzer sites; they'll tell you what to remove and what not to remove.

Links:

http://hijackthis.de/en
http://hjt.networktechs.com/
http://www.help2go.com/component/detective/

Use any of the above. Paste your log file and click analyze and it will give you the results.

-------------------------------------------------------------------------------------------------------------------------
Everything I write is Sarcasm.


 

    
 
 
