
HJT Log (not Sure What I'm Infected With)

Is this because of the crap cleaner? That is the only thing I can think of...
#8 HammerMan, posted 24 June 2006 - 04:45 AM: Hello again, I've done all that now.
Self Protection;c:\windows.0\system32\drivers\aswSP.sys [2010-1-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows.0\system32\drivers\aswFsBlk.sys [2010-1-28 20560]
R2 avast!

Not sure what it is so I clicked deny?? Here is my log file anyways. You need to disable SpywareGuard again before the fixes.

After that, it was EOF. Thank you! Thanks again.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of
are we talking days, weeks or months; just wonder what time-scale we are on here
if lappy is round the corner from you, why not have lappy with you, and promise not
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:08:20, on 2010/05/13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe

If Combofix asks you to install Recovery Console, please allow it. [6]. I am not doubting you otherwise I would not do it I would just like to know what all this means as I don't really understand it all I just do Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. A case like this could easily cost hundreds of thousands of dollars.

It is not in my Add/Remove programs list but I looked at its properties again and found it is File Size: 592 KB (606,208 bytes)
#11 HammerMan
After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Whenever a security problem in its software is found, Microsoft will usually create a patch for it.

Not sure if this helps to narrow it down but what I have noticed is that as soon as the computer is switched on, it starts accessing the net but invisible
Follow instructions here: Show Hidden Files and Folders
When you are done this, open HJT and make sure all browsers and windows are closed except for hijackthis and click "Do a system scan
antivirus 4.8.1368 [VPS 100510-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS.0\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS.0\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I may have installed it if it is part of something else if you know what I mean but haven't purposely installed something called OD2 Download Engine.
Ok then, let's fix these

self protection module/ALWIL Software) ZwCreateKey [0xF6198574] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast!
DebbieM80, posted August 5, 2010: Hi, after I "OK'd" those
If you see a rootkit warning window, click OK. When the scan is finished, click the Save...
Sometimes the user knows of a new program that we haven't seen yet, and we like to make sure we don't delete any legit program.

When you are done this, open HJT and make sure all browsers and windows are closed except for hijackthis and click "Do a system scan only" and put a check next
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. [3].
about the C:\windows.0 the only thing i can think of is this computer crashed a few years back with a virus and just shut down completely.
You have a program or application running that

You are right, the on-line scanners DO take a while!
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner
Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
Push the button. Push

The only option she is given by the Microsoft virus scanner is accept or block, so we block it.We have updated and ran AVG, Microsoft antivirus scanner, AdawareSE, A-squared, CWS shredder,

Should I reinstall IE and see what happens?
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4395
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
8/5/2010 2:04:36 PM
mbam-log-2010-08-05 (14-04-36).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 216384
Time elapsed: 1 hour(s), 39
Please be patient as this can take some time. When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan.
The second log showed not only a different operating system, but also that the Services are in the wrong directory. C:\Windows.0 is not a legitimate Windows directory unless there's something about
Thanks in advance for your time.

Please note that your topic was not intentionally overlooked.
Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-28 352920]
S3 PSSDK42;PSSDK42;c:\windows.0\system32\drivers\pssdk42.sys [2010-4-9 38976]
S3 tmeter;TMeter Service;c:\windows.0\system32\drivers\tmeter.sys --> c:\windows.0\system32\drivers\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows.0\system32\drivers\tmeter.sys --> c:\windows.0\system32\drivers\tmeter.sys [?]
S3 w900bus;Sony Ericsson 900i driver (WDM);c:\windows.0\system32\drivers\w900bus.sys --> c:\windows.0\system32\drivers\w900bus.sys [?]
S3
FYI: the IP is not for a foreign site.
Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast!

So basically the Services can't do what they are supposed to do.
#13 Bobbye, May 17, 2010: Guess I came on a bit strong!
After downloading the tool, disconnect from the internet and disable all antivirus protection.

Please, check the file size as well and post another HJT log for me.
TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
_________________________________________________________________
DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 9:18:33.82 on 2010/05/11
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.703.475 [GMT
even after i fixed it it worked for a while then it will come back.

Normally I am logged in straight away.... Click Yes to confirm. Antivirus;avast! Both of these still have drivers running and files loading so I have used script to remove them.

SG flashed up saying something about IE being changed so I clicked to use new settings... It installed fine and ran its first scan on re-booting successfully (finding 3 threats and moving to "Chest"), but it gave the same errors as AVG after Windows XP started.

and these are from the current HJT log with Vista:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\VTTimer.exe
C:\WINDOWS.0\SOUNDMAN.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\wscntfy.exe
Please get it together and decide which system you're working
When I rebooted though the homepage didn't need resetting, it still opened up with ebay as my homepage...