1 reply to this topic

[cecilvt]

I have an XP home machine which got infected with BraveSentry. I seem to have this under control but am still getting some suspicious entries inn HiJackThis. Here is the log: Logfile of HijackThis v1.99.1 Scan saved at 9:32:54 AM, on 10/10/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\cleanmgr.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Noah\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Microsoft copyright - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - sipov.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernelwind32.exe O4 - HKLM\..\Run: [GoogleBot.exe] C:\WINDOWS\System32\GoogleBot.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\System32\vedxg6ame4.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{25324303-E971-48F5-A44E-2007499233E8}: NameServer = 66.93.87.2 O17 - HKLM\System\CS2\Services\Tcpip\..\{17F618A2-31AA-45AD-9711-61DA2A19349D}: NameServer = 66.93.87.2 O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\partnership.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe Thanks in advance for any advice.

[Noviciate]

You have an unpatched Operating System with no sign of an anti-virus program - reformat and reinstall is my advice to you. Not only does your log show a number of nasties that are, or have been, present, there could be others that don't show up using HJT. There's no real way to be sure that the PC is clean unless you wipe it and start afresh. Should you require them, I can supply links to free software that will keep your computer secure in future. These and a visit to the Microsoft Updates site should see you surfing safely in no time.