
My HijackThis log Help please


41 replies to this topic

#31 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 16 June 2006 - 08:30 AM

Frankly... I dunno :oops: That was a "canned" speech given to me. Run it and see what happens. If you get any "error", we'll try something else.
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!



#32 JSquared

JSquared

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 16 June 2006 - 08:46 AM

Da. Here.

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 16/06/2006 10:06 PM 80 bytes Data mismatch between Windows API and raw hive data.
C:\WINDOWS\Prefetch\SSMARQUE.SCR-35153EB5.pf 16/06/2006 10:17 PM 29.72 KB Hidden from Windows API.

#33 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 16 June 2006 - 05:16 PM

That's not a rootkit. Make a new folder, and copy your renamed HijackThis! program ("junk.exe") into this new folder. Rename it back to "Hijackthis.exe" and run it. Does it still get "zapped"? :unsure:

#34 JSquared

JSquared

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 16 June 2006 - 08:01 PM

The same problem happens. There are no hijackthis or junk.exe files left in my system, but when I try to download it, under junk.exe, it stops at like 205kb out of 213 every time. ???

#35 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 16 June 2006 - 08:17 PM

Actually I do have a virus scan, but it's a McAfee from a decade ago.

Hmmmm.... :scratch:

If you go to the home page of the author of HijackThis! ( Merijn.org ), and read thru some of his "old notes", he's talked about how McAfee is always detecting his programs as a virus....

You don't suppose that's what's going on here, do you?
:scratch:

If your McAfee isn't updated to current definitions, it's useless anyhow.

Is your McAfee "current"?
:unsure:

#36 JSquared

JSquared

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 16 June 2006 - 08:24 PM

Well, my McAfee is newer than I thought. It's from 2004, so I think the latest definitions will be from 2004-5? In fact, it is scanning as I speak. But my Windows Security Center tells me the thing is hopelessly out of date. It has already discovered 6 infected files and deleted one.

#37 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 16 June 2006 - 08:33 PM

An "out of date" antivirus is a liability, not an asset.

You should consider "ditching" it for something "current".

There are links to free antivirus products at the link below:

Post Infection Items To Ponder

I don't know anything about McAfee, but I suppose if it was responsible for this "mayhem", it would have HijackThis! in "quarantine" somewhere, I would think.... Can you check the "quarantined" files?

Out of curiosity, what are the names of the "infected" files it has found?
:unsure:

#38 JSquared

JSquared

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 16 June 2006 - 08:47 PM

My McAfee does detect hijackthis as a bug. But I think it just automatically deletes it, there is no quarantine folder in my McAfee folder. I've no log files either. So I'm conducting a full scan now. I'll give you the logfile later.

#39 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 16 June 2006 - 08:49 PM

Great! :thumbup: Give some serious thought to replacing McAfee with something current.

#40 JSquared

JSquared

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 18 June 2006 - 01:10 AM

I have found the activity log for the McAfee. Indeed it was the one causing all the trouble. Take a look. There are many logs. I've pasted the interesting ones.

VSHIELD Settings:
bScanIncoming=1
bScanOutgoing=1
bNetworkScanEnabled=0
bFileCacheEnabled=0
bScanOnExecute=1
bScanOnOpen=1
bScanOnCreate=1
bScanOnRename=1
bCanBeDisabled=1
bScanOnShutdown=1
bScanOnBootAccess=1
ExtensionFilterOption=1
uVshieldAction=5
bButtonClean=1
bButtonMove=1
bButtonDelete=1
bButtonExclude=1
bButtonStop=1
bButtonContinue=0
bDisplayMessage=0
bLogToFile=1
bLimitSize=1
uMaxKilobytes=100
bLogDetection=1
bLogClean=1
bLogDelete=1
bLogMove=1
bLogSettings=1
bLogSummary=1
bLogDateTime=1
bLogUserName=1
szProgramExtensions=(NoExtension) ??_ {?? 001 002 386 3GR ACM ADT AP? ASD ASP AX? BAT BIN BO? CC? CDR CHM CLA CMD CNV CO? CP? CSC D?B DAT DEV DIF DL? DO? DRV EE? EX? FMT FO? GMS GZ? HDI HLP HT? IM? IN? JS? LIB MB? MD? MHT MOD MPD MPP MPT MRC MS? OB? OC? OL? OLE OTM OV? PCI PD? PHP PIF PLG POT PP? PRC QLB QPW QTC REG RTF SCR SH? SIS SMM SYS TD0 TGZ TLB TSP VB? VS? VWP VXD WBK WIZ WP? WRI WS? X32 XL? XML XSL XTP XX? ZL?
szDefaultProgramExtensions=(NoExtension) ??_ {?? 001 002 386 3GR ACM ADT AP? ASD ASP AX? BAT BIN BO? CC? CDR CHM CLA CMD CNV CO? CP? CSC D?B DAT DEV DIF DL? DO? DRV EE? EX? FMT FO? GMS GZ? HDI HLP HT? IM? IN? JS? LIB MB? MD? MHT MOD MPD MPP MPT MRC MS? OB? OC? OL? OLE OTM OV? PCI PD? PHP PIF PLG POT PP? PRC QLB QPW QTC REG RTF SCR SH? SIS SMM SYS TD0 TGZ TLB TSP VB? VS? VWP VXD WBK WIZ WP? WRI WS? X32 XL? XML XSL XTP XX? ZL?
szCustomMessage=McAfee VShield: Virus found in file!
szMoveToFolder=\infected
szLogFileName=C:\Program Files\Network Associates\VirusScan\VSHLog.txt
szNetworkAlertPath=
bScanCompressed=1
bRemoveAllMacros=0
bFindAllMacros=0
bScanAllOLE=0
bProgFileHeuristics=0
bMacroHeuristics=1
bDetectMaybe=0
bDetectCorrupted=0
bDetectJoke=0
bDetectTrojans=0

6/13/2006 3:53 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C25857\391BD5\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 3:53 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C25857\391BD5\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 3:53 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C25857\267ADA\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 3:53 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C25857\267ADA\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 3:56 PM Infected SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP210\A0021635.exe\A0021635.EXE W32/Generic.worm!p2p
6/13/2006 3:56 PM Deleted SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP210\A0021635.exe\A0021635.EXE W32/Generic.worm!p2p
6/13/2006 4:05 PM Infected SYSTEM C:\unzipped\hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:05 PM Deleted SYSTEM C:\unzipped\hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:09 PM Infected SYSTEM C:\unzipped\hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:10 PM Deleted SYSTEM C:\unzipped\hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:10 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\1C7C61\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:10 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\1C7C61\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:10 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\2B9856\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:10 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\2B9856\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:15 PM Infected SYSTEM C:\unzipped\hijackthis(3)\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:15 PM Deleted SYSTEM C:\unzipped\hijackthis(3)\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:16 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:16 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:17 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:17 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:17 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:17 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:17 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:17 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:18 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:18 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:18 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:18 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:18 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:18 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:18 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 1 for hijackthis(3).zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:18 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 1 for hijackthis(3).zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:20 PM Infected SYSTEM C:\AntiAd\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:20 PM Deleted SYSTEM C:\AntiAd\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:21 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a7rs54gf.Default User\Cache\24192E11d01\24192E11D01 W32/Generic.worm!p2p
6/13/2006 4:21 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a7rs54gf.Default User\Cache\24192E11d01\24192E11D01 W32/Generic.worm!p2p
6/13/2006 4:21 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Desktop\HijackThis.exe.part\HIJACKTHIS.EXE.PART W32/Generic.worm!p2p
6/13/2006 4:21 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Desktop\HijackThis.exe.part\HIJACKTHIS.EXE.PART W32/Generic.worm!p2p
6/13/2006 4:21 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a7rs54gf.Default User\Cache\24192E11d01\24192E11D01 W32/Generic.worm!p2p
6/13/2006 4:21 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a7rs54gf.Default User\Cache\24192E11d01\24192E11D01 W32/Generic.worm!p2p
6/13/2006 4:21 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Desktop\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:21 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Desktop\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:23 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\347266\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:23 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\347266\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:23 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\278E73\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:23 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\278E73\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:24 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\2A9BAF\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:24 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\2A9BAF\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:28 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a7rs54gf.Default User\Cache\44EF0A27d01\44EF0A27D01 W32/Generic.worm!p2p
6/13/2006 4:28 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a7rs54gf.Default User\Cache\44EF0A27d01\44EF0A27D01 W32/Generic.worm!p2p
6/13/2006 4:28 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\ih6hmkg1.exe\IH6HMKG1.EXE W32/Generic.worm!p2p
6/13/2006 4:28 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\ih6hmkg1.exe\IH6HMKG1.EXE W32/Generic.worm!p2p
6/13/2006 4:28 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a7rs54gf.Default User\Cache\44EF0A27d01\44EF0A27D01 W32/Generic.worm!p2p
6/13/2006 4:28 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a7rs54gf.Default User\Cache\44EF0A27d01\44EF0A27D01 W32/Generic.worm!p2p
6/13/2006 4:28 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\8ud1wkav.exe\8UD1WKAV.EXE W32/Generic.worm!p2p
6/13/2006 4:28 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\8ud1wkav.exe\8UD1WKAV.EXE W32/Generic.worm!p2p
6/13/2006 4:34 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 1 for hijackthis(2).zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:34 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 1 for hijackthis(2).zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:34 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 1 for hijackthis(2).zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:34 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 1 for hijackthis(2).zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:35 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:35 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:36 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a7rs54gf.Default User\Cache\44EF0A27d01\44EF0A27D01 W32/Generic.worm!p2p
6/13/2006 4:36 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a7rs54gf.Default User\Cache\44EF0A27d01\44EF0A27D01 W32/Generic.worm!p2p
6/13/2006 4:36 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Desktop\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:36 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Desktop\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:37 PM Infected SYSTEM C:\Program Files\AntiAds\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:37 PM Deleted SYSTEM C:\Program Files\AntiAds\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:37 PM Infected SYSTEM C:\Program Files\Mozilla Firefox\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:37 PM Deleted SYSTEM C:\Program Files\Mozilla Firefox\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:41 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\162724\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:41 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\162724\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:41 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\2647B3\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:41 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\2647B3\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:41 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\33D30D\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:41 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\33D30D\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:41 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\E4D73\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:41 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Local Settings\Temp\AAWTMP\C1039194\E4D73\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:44 PM Infected SYSTEM C:\Program Files\AntiAds\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:44 PM Deleted SYSTEM C:\Program Files\AntiAds\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:44 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Desktop\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:44 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Desktop\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:45 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Desktop\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:45 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Desktop\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p

Statistics:
Files scanned: 90849
Boot records scanned: 4
Files infected: 84
Boot records infected: 0
Files cleaned: 0
Boot records cleaned: 0
Files deleted: 42

VSHIELD Settings:
bScanIncoming=1
bScanOutgoing=1
bNetworkScanEnabled=0
bFileCacheEnabled=0
bScanOnExecute=1
bScanOnOpen=1
bScanOnCreate=1
bScanOnRename=1
bCanBeDisabled=1
bScanOnShutdown=1
bScanOnBootAccess=1
ExtensionFilterOption=1
uVshieldAction=5
bButtonClean=1
bButtonMove=1
bButtonDelete=1
bButtonExclude=1
bButtonStop=1
bButtonContinue=0
bDisplayMessage=0
bLogToFile=1
bLimitSize=1
uMaxKilobytes=100
bLogDetection=1
bLogClean=1
bLogDelete=1
bLogMove=1
bLogSettings=1
bLogSummary=1
bLogDateTime=1
bLogUserName=1
szProgramExtensions=(NoExtension) ??_ {?? 001 002 386 3GR ACM ADT AP? ASD ASP AX? BAT BIN BO? CC? CDR CHM CLA CMD CNV CO? CP? CSC D?B DAT DEV DIF DL? DO? DRV EE? EX? FMT FO? GMS GZ? HDI HLP HT? IM? IN? JS? LIB MB? MD? MHT MOD MPD MPP MPT MRC MS? OB? OC? OL? OLE OTM OV? PCI PD? PHP PIF PLG POT PP? PRC QLB QPW QTC REG RTF SCR SH? SIS SMM SYS TD0 TGZ TLB TSP VB? VS? VWP VXD WBK WIZ WP? WRI WS? X32 XL? XML XSL XTP XX? ZL?
szDefaultProgramExtensions=(NoExtension) ??_ {?? 001 002 386 3GR ACM ADT AP? ASD ASP AX? BAT BIN BO? CC? CDR CHM CLA CMD CNV CO? CP? CSC D?B DAT DEV DIF DL? DO? DRV EE? EX? FMT FO? GMS GZ? HDI HLP HT? IM? IN? JS? LIB MB? MD? MHT MOD MPD MPP MPT MRC MS? OB? OC? OL? OLE OTM OV? PCI PD? PHP PIF PLG POT PP? PRC QLB QPW QTC REG RTF SCR SH? SIS SMM SYS TD0 TGZ TLB TSP VB? VS? VWP VXD WBK WIZ WP? WRI WS? X32 XL? XML XSL XTP XX? ZL?
szCustomMessage=McAfee VShield: Virus found in file!
szMoveToFolder=\infected
szLogFileName=C:\Program Files\Network Associates\VirusScan\VSHLog.txt
szNetworkAlertPath=
bScanCompressed=1
bRemoveAllMacros=0
bFindAllMacros=0
bScanAllOLE=0
bProgFileHeuristics=0
bMacroHeuristics=1
bDetectMaybe=0
bDetectCorrupted=0
bDetectJoke=0
bDetectTrojans=0

6/13/2006 5:18 PM Infected SYSTEM C:\AntiAd\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 5:18 PM Deleted SYSTEM C:\AntiAd\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 5:18 PM Infected SYSTEM C:\Documents and Settings\hccnmh\Desktop\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 5:18 PM Deleted SYSTEM C:\Documents and Settings\hccnmh\Desktop\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 5:37 PM Infected SYSTEM C:\Program Files\AntiAds\Hijackthis\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 5:37 PM Deleted SYSTEM C:\Program Files\AntiAds\Hijackthis\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 5:39 PM Infected SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP210\A0021830.exe\A0021830.EXE W32/Generic.worm!p2p
6/13/2006 5:39 PM Deleted SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP210\A0021830.exe\A0021830.EXE W32/Generic.worm!p2p
6/13/2006 5:39 PM Infected SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP210\A0021834.exe\A0021834.EXE W32/Generic.worm!p2p
6/13/2006 5:39 PM Deleted SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP210\A0021834.exe\A0021834.EXE W32/Generic.worm!p2p
6/14/2006 4:29 PM Infected SYSTEM C:\AntiAd\Hijackthis\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/14/2006 4:29 PM Deleted SYSTEM C:\AntiAd\Hijackthis\Hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/14/2006 4:32 PM Infected SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP210\A0021859.exe\A0021859.EXE W32/Generic.worm!p2p
6/14/2006 4:32 PM Deleted SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP210\A0021859.exe\A0021859.EXE W32/Generic.worm!p2p
6/14/2006 4:32 PM Infected SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP210\A0021870.exe\A0021870.EXE W32/Generic.worm!p2p
6/14/2006 4:32 PM Deleted SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP210\A0021870.exe\A0021870.EXE W32/Generic.worm!p2p
6/14/2006 4:32 PM Infected SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP210\A0021871.exe\A0021871.EXE W32/Generic.worm!p2p
6/14/2006 4:32 PM Deleted SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP210\A0021871.exe\A0021871.EXE W32/Generic.worm!p2p
6/14/2006 4:32 PM Infected SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP211\A0021900.exe\A0021900.EXE W32/Generic.worm!p2p
6/14/2006 4:32 PM Deleted SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP211\A0021900.exe\A0021900.EXE W32/Generic.worm!p2p
6/14/2006 4:32 PM Infected SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP212\A0022016.exe\A0022016.EXE W32/Generic.worm!p2p
6/14/2006 4:32 PM Deleted SYSTEM C:\System Volume Information\_restore{0551836C-29B4-4A97-AD38-CE6C7BDDB49F}\RP212\A0022016.exe\A0022016.EXE W32/Generic.worm!p2p

That was way before the time you cleared my system, I think. The latest scan showed no infections. Oh yeah, can I delete tclock, is it harmful?

Edited by JSquared, 18 June 2006 - 01:22 AM.
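
An added example, not part of the original thread and not McAfee's own tooling: a Python triage of an activity log in the format pasted in post #40, to check whether one signature is hitting a single known tool and which flagged copies cannot be identified by name. The record layout (date, time, action, user, object path, detection name) is inferred from that paste; the sample lines, the user1 account and the {GUID} folder are constructed.

```python
import re
from collections import Counter
from ntpath import basename, dirname  # Windows path rules on any OS

# One record per line, layout inferred from the pasted log:
#   <date> <time AM/PM> <action> <user> <file path>\<UPPERCASED NAME> <detection>
# The path may contain spaces, so the detection is taken as the last token.
LINE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2} [AP]M) "
    r"(?P<action>[A-Za-z]+) (?P<user>\S+) (?P<object>[A-Za-z]:\\.+) "
    r"(?P<detection>\S+)$"
)

def parse_log(text):
    """Return one dict per detection record; settings/statistics lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        # Drop the trailing uppercased object name to get the file on disk.
        rec["file"] = dirname(rec["object"])
        records.append(rec)
    return records

def location(path):
    """Coarse bucket for where a flagged file lives (path is lowercased)."""
    if "\\system volume information\\_restore" in path:
        return "system-restore"
    if "\\cache\\" in path:
        return "browser-cache"
    if "\\local settings\\temp\\" in path:
        return "temp"
    return "user-placed"

def summarize(records, tool="hijackthis"):
    """Summarise 'Infected' events; `tool` is the file name being investigated."""
    hits = [r for r in records if r["action"] == "Infected"]
    hit_files = {r["file"].lower() for r in hits}
    deleted = {r["file"].lower() for r in records if r["action"] == "Deleted"}
    named = {f for f in hit_files if tool in basename(f)}
    return {
        "detections": Counter(r["detection"] for r in hits),
        "events": len(hits),
        "distinct_files": len(hit_files),
        "named_tool_files": len(named),
        # Flagged files whose name says nothing: verify these by hash against
        # a known-good download before treating the alert as a false positive.
        "unattributed": sorted((location(f), f) for f in hit_files - named),
        # Flagged but no matching 'Deleted' record: may still be on disk.
        "not_deleted": sorted(hit_files - deleted),
    }

# Constructed sample in the same layout as the pasted log.
SAMPLE = r"""
bScanOnCreate=1
6/13/2006 4:05 PM Infected SYSTEM C:\unzipped\hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:05 PM Deleted SYSTEM C:\unzipped\hijackthis\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:16 PM Infected SYSTEM C:\Documents and Settings\user1\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:16 PM Deleted SYSTEM C:\Documents and Settings\user1\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe\HIJACKTHIS.EXE W32/Generic.worm!p2p
6/13/2006 4:21 PM Infected SYSTEM C:\Documents and Settings\user1\Desktop\HijackThis.exe.part\HIJACKTHIS.EXE.PART W32/Generic.worm!p2p
6/13/2006 4:28 PM Infected SYSTEM C:\Documents and Settings\user1\Local Settings\Temp\abc123.exe\ABC123.EXE W32/Generic.worm!p2p
6/13/2006 4:28 PM Deleted SYSTEM C:\Documents and Settings\user1\Local Settings\Temp\abc123.exe\ABC123.EXE W32/Generic.worm!p2p
6/13/2006 5:39 PM Infected SYSTEM C:\System Volume Information\_restore{GUID}\RP1\A0000001.exe\A0000001.EXE W32/Generic.worm!p2p
6/13/2006 5:39 PM Deleted SYSTEM C:\System Volume Information\_restore{GUID}\RP1\A0000001.exe\A0000001.EXE W32/Generic.worm!p2p
Statistics: Files scanned: 100
"""

if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE))
    for key, value in report.items():
        print(f"{key}: {value}")
```

A single generic detection name with every named hit being the same tool points at the scanner rather than the system, but the randomly named temp, cache and System Restore copies are only presumed to be the same file until their hashes are compared.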



#41 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 18 June 2006 - 05:12 AM

File Name: TClock.exe
Description: TClock.exe is a program that synchronizes your system clock with Internet time servers.

Should be able to remove via "Add/Remove programs" if you don't want it.

I can find no one classifying it as any kind of "threat".

:) :thumbup:

#42 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 18 June 2006 - 07:31 AM

This topic is now closed.

If you need this topic reopened, please request this by sending an email to us at the following link

(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.

