kiwaku

what files would be safe to delete?


This is my first time posting, but I'm certain my computer is infected with some sort of virus. I cleaned the spyware, ran a virus scan with updates using AVG, and also some other free scans that were posted on your site. I downloaded HijackThis, and from the sounds of it, if you don't know what you're doing the results could be potentially hazardous. Considering that I spent a pretty penny on this computer, I would hate to go through the trouble all over again with reformatting etc. My question is: what files would be safe to delete? My log file is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 1:19:45 AM, on 6/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\LiteStep\litestep.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\WINDOWS\system32\hookdump.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\DOWNLO~1\MyWebEx319\raagtx.exe
C:\WINDOWS\DOWNLO~1\MyWebEx319\atnthost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\DOWNLO~1\MyWebEx319\RAAGTAPP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Kiwaku
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 213.219.251.81 astalavista.com
O1 - Hosts: 213.219.251.81 www.astalavista.com
O1 - Hosts: 213.219.251.81 astalavista.box.sk
O1 - Hosts: 213.219.251.81 www.astalavista.box.sk
O1 - Hosts: 213.219.251.81 cracks.com
O1 - Hosts: 213.219.251.81 www.cracks.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: MyWebEx PC.LNK = ?
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/client/v_mywebex-aa/ra/ieatgpc.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AT Host Service (atnthost) - WebEx - C:\WINDOWS\DOWNLO~1\MyWebEx319\atnthost.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe


O1 - Hosts: 213.219.251.81 astalavista.com

O1 - Hosts: 213.219.251.81 www.astalavista.com

O1 - Hosts: 213.219.251.81 astalavista.box.sk

O1 - Hosts: 213.219.251.81 www.astalavista.box.sk

O1 - Hosts: 213.219.251.81 cracks.com

O1 - Hosts: 213.219.251.81 www.cracks.com

O1 - Hosts: 213.219.251.80 go.com

O1 - Hosts: 213.219.251.80 www.go.com

Delete all those for sure.

If there are any others, I'm sure somebody will respond soon.


Those sites are bad news: astalavista.com, astalavista.box.sk, and cracks.com. I have been to those sites myself and clicked on a couple of links a while back, and bam, Norton stopped 6 viruses from shutting me down. The heck with getting a crack to make software work for free, I'll pay.


Welcome to the forum, kiwaku.  :)  Here are a few to start with:

C:\Program Files\FlashGet\flashget.exe (Spyware)

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

Will look a bit deeper to see if there is more. Will edit this post and add on as things come up...

Edit: 

C:\WINDOWS\system32\hookdump.exe - spyware

C:\Program Files\Internet Explorer\iexplore.exe - possible downloader virus

Do you know this site? --> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com/

Do you know this site? --> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Kiwaku

Do you know this site? --> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) <-- Always Remove

C:\PROGRA~1\FlashGet\jccatch.dll

O4 - HKLM\..\Run: [msxct] msxct.exe - adware

O4 - HKCU\..\Run: [intel system tool] C:\WINDOWS\system32\hookdump.exe - possible Trojan horse

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing) <-- Always Remove

jeff24dupont is right, get rid of those entries as well. Also, have you downloaded and run Ad-Aware from www.lavasoft.de and Spybot Search & Destroy? Might want to do this as well.

After taking care of these, reboot and post another log file. Sometimes they will re-install themselves on boot...

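The replies in this thread triage the log by hand, and three of their calls rest on structure rather than on recognising a filename: hosts entries that point real sites at a remote address, a URLSearchHook or IE button whose backing file is gone, and a Run entry that names a bare executable with no path. The Python below is an added example, not HijackThis code and not from anyone in this thread, that applies those same checks to a few constructed lines in HijackThis v1.99 line format drawn from the log above (plus one constructed loopback hosts entry to show the non-flagged case). The section codes and regular expressions are my own approximation of the log format, not HijackThis's parser, and the "remove"/"review" verdicts are the thread's rules of thumb, not a verdict on the binaries themselves.

```python
"""Structural triage of HijackThis-style log lines (added example)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99 format; lines taken from the log above
# except the 127.0.0.1 entry, which is constructed to show a benign hosts line.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.top20results.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 213.219.251.81 astalavista.com
O1 - Hosts: 213.219.251.80 www.go.com
O1 - Hosts: 127.0.0.1 ads.example.invalid
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP
O4 - HKLM\\..\\Run: [msxct] msxct.exe
O4 - HKCU\\..\\Run: [intel system tool] C:\\WINDOWS\\system32\\hookdump.exe
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O1"
    verdict: str   # "remove" (orphaned / clearly hostile) or "review" (ask the user)
    reason: str
    line: str


# Hypothetical patterns approximating the v1.99 line format (not HijackThis's own).
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
START_RE = re.compile(r"^R[01] - .*?,(Start Page|Search Page|Default_Page_URL) = (\S+)$")
# Loader binaries whose real payload is the module given as their first argument.
LOADERS = {"rundll32.exe", "regsvr32.exe"}


def first_token(command: str) -> str:
    """Program part of an autorun command, honouring a double-quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(None, 1)[0] if command else ""


def executable_of(command: str) -> str:
    """The thing that actually runs; for rundll32/regsvr32 that is the loaded module."""
    prog = first_token(command)
    if prog.lower() in LOADERS:
        rest = command.strip()[len(prog):].strip()
        prog = first_token(rest).split(",", 1)[0]   # drop ",EntryPoint"
    return prog


def triage(log_text: str) -> list[Finding]:
    """Apply the structural checks from the thread to every line of a log."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        if m := HOSTS_RE.match(line):
            ip_text, host = m.groups()
            try:
                addr = ipaddress.ip_address(ip_text)
            except ValueError:
                findings.append(Finding(section, "review", f"unparseable address {ip_text!r}", line))
                continue
            # Loopback/unspecified entries are the ad-blocking pattern; anything
            # else silently redirects the named site to a machine of someone's choosing.
            if not (addr.is_loopback or addr.is_unspecified):
                findings.append(Finding(section, "remove",
                                        f"hosts file sends {host} to remote address {ip_text}", line))
        elif section == "O4" and (m := RUN_RE.match(line)):
            _hive, name, command = m.groups()
            exe = executable_of(command)
            if "\\" not in exe and "/" not in exe:
                # A bare name is resolved by PATH search, so nothing in the log
                # tells you which binary will run (the [msxct] entry above).
                findings.append(Finding(section, "review",
                                        f"autorun [{name}] names bare executable {exe!r}", line))
        elif section == "R3" and line.endswith("(no file)"):
            findings.append(Finding(section, "remove", "URLSearchHook with no backing file", line))
        elif section == "O9" and line.endswith("(file missing)"):
            findings.append(Finding(section, "remove", "IE extra button whose target is missing", line))
        elif m := START_RE.match(line):
            findings.append(Finding(section, "review",
                                    f"{m.group(1)} is {m.group(2)}; confirm the user chose it", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:3} {f.verdict:7} {f.reason}")
```

What the parser cannot do is the part of the replies that rests on knowing a name (hookdump.exe, msxct.exe, the FlashGet components): a full path in a Run entry is not evidence that the binary is benign, so entries with a valid-looking path still need the kind of lookup the responders did by hand. Run on the sample, the script flags the two remote hosts entries, the orphaned R3 hook and the missing-file O9 button for removal, and puts the start page and the path-less [msxct] entry up for review.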