Doesn't this log look clean??

Whenever I run Panda Antivirus on my computer, it says that I have adware and spyware on my comp.. I have run Spybot and Ad-aware and do not find any instances of spyware.. Can someone please help... My comp is running slower than usual... any suggestions on what to do?? :confused:


Logfile of HijackThis v1.99.1
Scan saved at 1:09:28 PM, on 5/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\gearsec.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TooLz\hijackthis_199\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101264244\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14145E0B-761F-42E1-B1C5-61BFB52DCC78}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

Comments

  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    Your log is clean, but Panda is known for finding files that other programs have missed. You should get a report from Panda after the scan that shows the files it detected and what action was taken. Please post that report here.
  • edited May 2005
    Incident | Status | Location
    Adware:Adware/SaveNow | No disinfected | Windows Registry
    Adware:Adware/DelFinMedia | No disinfected | C:\keys.ini
    Spyware:Spyware/SurfSideKick | No disinfected | C:\Documents and Settings\DaViD\Local Settings\Temporary Internet Files\Ssk.log
    Adware:Adware/DelFinMedia | No disinfected | C:\keys.ini
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    These are just remnants from a previous infection. There's nothing that would make your computer run slower. You can manually delete these files.

    C:\keys.ini
    C:\Documents and Settings\DaViD\Local Settings\Temporary Internet Files\Ssk.log


    I'd run a good registry cleaner, clean out your temp files, and then defrag your hard drive. Follow those steps on a regular basis and your computer will run faster.
  • edited May 2005
    Are there any that you recommend?? I also ran Trend Micro and get an Ad-aware that I cannot get rid of... It's called ADW_Elitebar... I am unable to delete this also... It is very annoying... :shakehead Thanks in advance.. I do defrag my comp regularly....
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    "It's called ADW_Elitebar"
    Where are you getting this info?

    Check out Ace Utilities.
    http://www.acelogix.com/
  • edited May 2005
    This comes up when I run House Call by TrendMicro..

    I have checked out the Ace Utilities.. Can you help me set it up...?
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    Even though there weren't any signs of Elitebar in your log, there's an easy fix for it. I'd run it just in case there are some leftover files on your computer.

    Please download miekiemoes' LQfix batch here:
    http://users.pandora.be/bluepatchy/LQfix.zip
    Unzip it to the desktop but do NOT run it yet.

    Reboot your computer into SAFE MODE

    Once in Safe Mode, please run LQfix.bat.


    I believe Ace offers a 30-day trial. You just have to download it, install it, and run it. There are instructions on their website and in the help file of the program itself. If after 30 days you decide you want to keep it you'll have to pay for it. It's a nice program.