TechSpot

Log files

By mick123
Aug 19, 2008
  1. Hi All

    Just need someone to check my logs out and if I need to do anything else.

    I had a virus which I think was adware xp 08 and gaslide.b. I've done all the scans and the logs are attached.

    Thanks.

    The Panda Antirootkit programme found nothing.
     


  2. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Hi All

    Symptoms seem to have gone but internet speed seems to be slow.

    Any help with checking my log will be great.


    Thanks

    Anyone ???

    Hi

    Just bumping it up hoping to get a reply.

    Thanks
     
  3. Kazi

    Kazi TS Enthusiast Posts: 121

    Well, it seems you have bits of McAfee and AVG. Please confirm that you have only 1 antivirus.
     
  4. SpiritWind

    SpiritWind TS Rookie Posts: 164

    2 antivirus programs

    As Kazi said, your HijackThis log indicates you have 2 antivirus programs
    "running", a security no-no. Personally I would not have either McAfee or AVG 8
    on my computer and when you uninstall either or both you should ALSO use their
    "Removal Tool(s)".
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    mbam removed multiple infections.

    HijackThis shows the following antivirus program entries. This indicates that you are running two fully functioning antivirus programs. This is not recommended. Decide which you want, delete the entries for the "other" program, uninstall the "other" program and Disable all the Services for the "other" program.

    To have HijackThis remove the entries for the "other" program:
    Reopen HijackThis and scan. Put a check in the processes below that you do not want to keep (the "other" program). I have grouped the entries for your convenience:
     
  6. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Hi Bobbye

    Thanks for your reply. I don't have AVG 8 any more but I have Avast running also with McAfee.

    If this is not good to have I'll remove one.

    I'll attach the logs.

    Thanks.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Why did you get rid of one of the two antivirus programs, then install another one!
    ONE antivirus program!

    I am not going to go through all those entries again! Now your choice is between McAfee OR Avast- NOT both! When you make that decision and stop loading more AV programs, we can proceed with the logs.

    You can have SuperAntispyware remove all the Tracking Cookies. You should also change your Cookie settings to Accept First Party only and Blocked or Prompt for Third Party. This is in Internet Options> Privacy tab> Advanced button.

    Do Not, repeat, Do Not install another antivirus program! Uninstall EITHER McAfee OR Avast. You cannot, should not run both! Whichever AV you keep needs to be current in updates.

    Post new logs when done.
     
  8. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Sorry about that Bobbye. Got only one AV program and here are the new logs.

    Thanks.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    mick, I helped you with this problem in June. The files in question are still on the system. Your subject then was:
    I asked you about numerous Services showing with 'unknown owner' and 'file missing' but see those same Services are still- or again- on the system. You were assisted in the cleaning then and your logs were clean. Advice for protection was given.

    Is your referral to a virus here something new or are you still working on the June cleanup? Have SuperAntispyware remove the 2 tracking Cookies. Then add the following to Restricted sites:
    Internet Options> Security> Restricted sites> Sites> type in each, then click on Add:
    Open HijackThis and check the following:
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

    Control Panel> Administrative Tools> Services> set these Services as follows:
    When you have finished configuring the Services, reboot into Normal mode. Run HijackThis and attach the log
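
The post above refers to Services that HijackThis lists with 'unknown owner' and 'file missing'. As an added example (not part of the thread or of any poster's log), this Python script pulls such O23 service entries out of a HijackThis log for manual review; the sample log lines and service names are constructed.

```python
# Added example: flag O23 service entries that HijackThis marks as
# "Unknown owner" or "(file missing)". Sample log lines are constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: Example AV Scanner (exav) - Example Vendor - C:\Program Files\ExampleAV\scan.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Program Files\Example\upd.exe (file missing)
O23 - Service: Example Helper (exhlp) - Unknown owner - C:\WINDOWS\system32\exhlp.exe
"""

PREFIX = "O23 - Service: "
MISSING = "(file missing)"


def parse_o23(line):
    """Return (service, owner, path, file_missing) for an O23 line, else None."""
    if not line.startswith(PREFIX):
        return None
    # Split from the right so a " - " inside the service name does not
    # shift the owner and path fields.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    return name, owner, path, missing


def services_to_review(log_text):
    """List (service, path, reasons) for O23 entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_o23(raw.strip())
        if parsed is None:
            continue
        name, owner, path, missing = parsed
        reasons = []
        if owner.lower() == "unknown owner":
            reasons.append("unknown owner")
        if missing:
            reasons.append("file missing")
        if reasons:
            findings.append((name, path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in services_to_review(SAMPLE_LOG):
        print(f"{name}: {path} [{', '.join(reasons)}]")
```

A flagged entry is a prompt to check the service by hand, not a verdict: leftover services from an uninstalled program show up the same way.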
     
  10. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Hi Bobbye

    This problem is something new.

    Here is the log after I did what you said.
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What problem? The log looks the same.
     
  12. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Hi Bobbye

    I did what you said but for some reason those unknowns are still there.

    I tried doing it a few times but still no good.

    Any suggestions ?


    Thanks
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please clarify "This problem is something new."
    Please note what security programs you currently have.
    Please clarify: "Symptoms seem to have gone but internet speed seems to be slow."
    Please advise what type of connection you have for the internet- dial-up, cable, DSL?
    Please advise how many processes show running in the Task Manager.
    Please advise what programs are on your Startup menu.
    Please advise how much RAM is installed.
     
  14. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Hi Bobbye

    The problem I had seems to be a new one because when I completed everything on my last thread my laptop was fine.

    This last problem occurred recently just when I turned on my laptop. I didn't go to a web page or anything and all of a sudden pop ups came up and my background went blue with a warning. I think it was antivirus xp 08 or something like that.

    The only security program I have is McAfee.

    All symptoms are gone and internet speed seems alright; it's just that some sites are taking longer to load than before, especially this site.

    I'm connected to DSL.

    I have 40 processes running in Task Manager.

    In my start up menu I have Accessories, Admin tools, Dell accessories,
    Limewire, McAfee, Startup, WinRAR, Internet Explorer, Outlook express,
    Remote assistance and Window media player.

    When I go to the General tab in System it says 0.99 GB of RAM.
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, 40 processes is a reasonable number. But let's clean up the Startup.

    Are these what is listed on the Startup menu using the msconfig utility? It looks like a strange assortment. We're not talking about what's on the Start screen if you click on Start- you can have as many or as few as you want there.

    What needs to be looked into is: Start> Run> type in 'msconfig' without the quotes> enter> Selective Startup> Startup tab> the only processes that need to be checked to start at boot are the antivirus, firewall, touchpad if on laptop and network process if on network. Uncheck any others> Apply> OK> Reboot

    Close the nag message after checking 'don't show this message again'. Stay in Selective Startup.

    You mentioned having Remote Assistance- what are you doing with that-now? This is not a Service you should be running unless you ARE getting some type of Remote Assistance. Then you only run it at that time.
     
  16. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Hi Bobbye

    That list was not from the msconfig start up but from the start up menu.

    I went to msconfig and unchecked the ones I know about and the only ones I have left are

    Igfxtray - system32
    hkcmd - system32
    Igfxpers -system32
    Zcfgsvc -program files/intel/wireless/bin
    ifrmewrk - program file/intel/wireless/bin
    stsystra
    ctfmon

    I don't know what they are so I left them.

    Thanks.
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The following is a description of the processes you have on startup. Only the last in my list needs to be on the Startup menu: Uncheck the following:
    This process needs to be on Startup:
    A note about ctfmon: Per the description, if you do not use the Text Services and Speech applets in the Control Panel you can disable these features. If you do not, ctfmon will replace itself on the Startup.

    A note about the graphics card and sound processes. Not having these processes on Startup does NOT mean you won't be using the graphics and sound cards. These processes provide tray applets that clutter the Notification Area. They do not 'make' these cards work!
     
  18. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    log files

    Hi Bobbye

    Thanks for that info but how do I disable them in Control Panel and do I have to do anything else?

    Also, should I install Spyware Blaster?
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Yes, install Spywareblaster.

    Try this for the Text & Speech bar:
    To Turn Text Services On or Off
    To turn text services on or off (using Classic view in Control Panel):
    1. Click Start, click Control Panel, and then double-click Regional and Language Options.
    2. On the Languages tab, under Text services and input languages, click Details.
    3. Under Preferences, click Language Bar.
    4. To turn text services off, select the Turn off advanced text services check box.
    5. To turn text services on, clear the check box.
    6. Click Yes if you are prompted to confirm your selection.

    I have removed this on my system so can't guide you better. But you can find more details in handling this here:
    http://support.microsoft.com/kb/306993
     
  20. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Hi Bobbye

    Thanks for your help.

    If there is something else I need to do let me know.

    Thanks
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Let's get rid of the old restore points. They can get infected and are protected files, so the cleaning doesn't remove them:

    Control Panel> System> System Restore tab> CHECK 'turn off System Restore'> Apply> OK> Reboot
    Now go back in and UNCHECK the 'turn off'.
    Set a new Restore Point.
     
  22. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Hi Bobbye

    I've done that and if there are more things I need to do let me know, otherwise
    thanks for your help.

    Thanks again.
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Just one other thing. You can remove the tools you used for cleaning:

    *OTCleanit! by Oldtimer*
    * Download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe
    * Click the CleanUp! button
    * It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).

    Enjoy your clean, faster computer!
     
  24. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Hi Bobbye

    Just wondering if you could have a look at these logs which are off my wife's computer.

    She was complaining about something so I did the scans and I will post the logs if you don't mind.

    Thanks
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    mbam has handled 2 infected Registry entries. SAS is showing infection in DVD2ONE V2:
    Do a right click on Start> Explore> Programs> right click on DVD2ONE V2> scan with antivirus.
    Report results.

    Before I go through the HijackThis logs, please tell me what the problem is she is having. Is she getting a redirect on the browser?

    There are also some Real Time programs that need to be stopped and Hijackthis run after:
    Temporarily Disable Real Time Monitoring Programs:
    http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs

    This includes:
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    Please disable this while cleaning:
    D:\Program Files\PeerGuardian2\pg2.exe

    Malwarebytes is still loading and running. Please disable it.

    The entries in O18 for {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} are legitimate but I am unable to access castlecops for the other entries at this time.

    Remove the following when you run Hijack again:
    O18 - Protocol: msdaipp - (no CLSID) - (no file)

    O18 - Protocol hijack: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} appears to be for Windows Image Acquisition but I can't verify the CLSID now.

    We'll finish with the rest of the log when you tell me what the problem is.
     
Topic Status:
Not open for further replies.
