Ultimate Predator Posted December 1, 2008

Haven't cleaned up my laptop in a long time; just updated everything, CCleaned, and defragged (free of viruses/spyware as well). If there is anything left to clean up in the log please let me know:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:14, on 01/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/anglia/support/...s/ebraryRdr.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 3888 bytes
Administrator Tarun Posted December 2, 2008

Log looks clean. I would recommend getting avast over ClamAV because ClamAV has a horrible detection rate. You may also want to run JavaRa to get rid of old Java versions.

Generated by Tarun of Lunarsoft's HijackThis Converter v0.53 Beta. Default-color items are optional, red are known to be malicious.

Created registry value
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

Changed registry value
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Malware added these
O1 - Hosts: ::1 localhost

Enumeration of existing IE's BHO's
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Enumeration of suspicious auto-loading registry entries
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

Hijack of default URL prefixes
O13 - Gopher Prefix:

Downloaded Program Files item
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/anglia/support/...s/ebraryRdr.cab

AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O20 - AppInit_DLLs:
Ultimate Predator (Author) Posted December 2, 2008

Hmmm, I already ran JavaRa beforehand; I updated to Java 6 Update 10 and removed all older versions. I know what you mean about avast, but I really want it to run stand-alone, which I don't know how to do. Can all of the above safely be deleted then? Just worried what these are:

O1 - Hosts: ::1 localhost (pretty sure I haven't had malware in ages)
O13 - Gopher Prefix:
O20 - AppInit_DLLs:

If you could just explain these for me please, I'll happily remove them all.
Administrator Tarun Posted December 2, 2008

I'd rather have an av installed that I know works rather than have a poor standalone one. Avast doesn't take many resources or RAM so there shouldn't be any problem running it. The O13 and O20 are blank. You can keep or remove the O1 entry for hosts. Just ignore it if you want, it's IPv6 format.
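The reasoning Tarun applies to the three entries (an O1 line is harmless when it only maps a loopback address to localhost, O13/O20 lines with nothing after the colon are empty keys, an O2 BHO marked "(no file)" is an orphan) can be written down as rules. The script below is an added example, not code from this thread or from HijackThis, that parses lines in the log's format and gives each one a verdict; the function names (triage_line, triage_log, needs_review) and the verdict labels are this example's own. The sample lines are constructed from the log posted above plus two invented ones, a hosts entry pointing a hostname at a non-loopback address and an autorun launched from a Temp folder, so the reader can see what a line flagged for review looks like.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis line format. The first six lines are taken
# from the log posted in this thread; the last two are invented for the example.
SAMPLE_LOG = r"""O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O13 - Gopher Prefix:
O20 - AppInit_DLLs:
O1 - Hosts: 203.0.113.5 www.example.com
O4 - HKCU\..\Run: [updater] C:\Users\me\AppData\Local\Temp\upd.exe
"""

# Every HijackThis line starts with a section code (R0, O1, O23, ...) then " - ".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")

# Autorun locations that are expected for installed software on this layout.
TRUSTED_PREFIXES = (r"c:\program files", r"c:\windows", "%programfiles%")


@dataclass
class Finding:
    section: str
    verdict: str   # "benign", "info", "orphan" or "review"
    detail: str


def _is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1; False for anything unparsable."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    if section == "O1":
        # "Hosts: <address> <hostname>": loopback -> localhost is the normal case
        # (::1 is the IPv6 form); anything else rewrites name resolution.
        parts = body.split(":", 1)[1].split()
        if len(parts) >= 2 and _is_loopback(parts[0]) and parts[1].lower() == "localhost":
            return Finding(section, "benign", f"loopback mapping {parts[0]} {parts[1]}")
        return Finding(section, "review", f"hosts file overrides name resolution: {body}")

    if section == "O2":
        # A BHO whose DLL is gone is dead weight; the CLSID can be removed.
        if body.endswith("(no file)"):
            return Finding(section, "orphan", "BHO registered but its DLL is missing")
        return Finding(section, "info", body)

    if section == "O4":
        # Pull the launched command out of '[name] "path" args' or '[name] path'.
        path_m = re.search(r'\]\s*"([^"]+)"|\]\s*(.+)', body)
        path = (path_m.group(1) or path_m.group(2)) if path_m else ""
        if path.lower().startswith(TRUSTED_PREFIXES):
            return Finding(section, "info", path)
        return Finding(section, "review", f"autorun from an unexpected location: {path}")

    if section in ("O13", "O20"):
        # HijackThis prints the key even when its value is empty.
        value = body.split(":", 1)[1].strip() if ":" in body else body
        if not value:
            return Finding(section, "benign", "empty value; the key is listed but nothing is set")
        return Finding(section, "review", body)

    return Finding(section, "info", body)


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every non-blank line of a log."""
    findings = []
    for line in text.splitlines():
        f = triage_line(line)
        if f is not None:
            findings.append(f)
    return findings


def needs_review(text: str) -> List[Finding]:
    """Only the findings a human should look at."""
    return [f for f in triage_log(text) if f.verdict == "review"]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:<4} {f.verdict:<7} {f.detail}")
```

The verdicts are deliberately conservative: "review" means a person should look, not that the entry is malicious, and the prefix list would need extending on a machine that installs software elsewhere.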
Ultimate Predator (Author) Posted December 2, 2008

I'll do a clean up later and post here. Avast still slows down startup a lot, and I just don't need it running all the time. I'm genuinely interested in seeing what the detection rates are like for ClamWin compared to other avs.
Administrator Tarun Posted December 2, 2008

I've not seen avast slow down any machines that I've installed it on unless they were very old/outdated. You don't have much loading on startup. Prefetch and Superfetch should ease what's loading too, so be sure to allow them time to learn about avast on boot.
Ultimate Predator (Author) Posted December 2, 2008

> I've not seen avast slow down any machines that I've installed it on unless they were very old/outdated. You don't have much loading on startup. Prefetch and Superfetch should ease what's loading too, so be sure to allow them time to learn about avast on boot.

How do I do the prefetch and superfetch thing? Also, where did you learn about the bad detection rates for ClamWin?
Administrator Tarun Posted December 2, 2008

If you haven't changed any services, Windows will take care of prefetch and superfetch automatically. av-comparatives doesn't have it listed and I cannot recall where I've seen it, but I saw many places say ClamAV is horrible (I've used it and completely agree). I did find this however.
Ultimate Predator (Author) Posted December 3, 2008

> If you haven't changed any services, Windows will take care of prefetch and superfetch automatically. av-comparatives doesn't have it listed and I cannot recall where I've seen it, but I saw many places say ClamAV is horrible (I've used it and completely agree). I did find this however.

I admit, looks bad, lol. I'll go back to avast and see how things are tomorrow. However, are there no avs that are, or have the option for, stand-alone that are good?
Administrator Tarun Posted December 3, 2008

None that I know of that are of any quality. Unless you want the Kaspersky on demand. I'll try to locate the link for you.

Edit: http://downloads1.kaspersky-labs.com/devbuilds/AVPTool/
Ultimate Predator (Author) Posted December 3, 2008

> None that I know of that are of any quality. Unless you want the Kaspersky on demand. I'll try to locate the link for you.
> Edit: http://downloads1.kaspersky-labs.com/devbuilds/AVPTool/

Does it fare well in AV comparisons?
greenknight Posted December 3, 2008

I tried Kaspersky AVP tool quite a while back; it does tie up some memory, even though it has no real-time protection. Awfully big download (27.8 MB), considering that the only way to update it is to download the whole thing again! It installed itself on my desktop, without giving me a chance to select the install location, and couldn't be moved. May have improved since then, however; I haven't tried it again since. It uses the same engine as the full Kaspersky AV, which is quite good (though Avast is better), but it may not have its advanced heuristics (according to an old listing on AV-Comparatives, don't know if it still applies).

As for Clam, I did find a "secondgrouptest" from Feb. 07 on AV-Comparatives where they tested ClamWin; it had an overall detection rate of 53%. Dismal, but it did better than Comodo AV! ;)
Ultimate Predator (Author) Posted December 4, 2008

> I tried Kaspersky AVP tool quite a while back; it does tie up some memory, even though it has no real-time protection. Awfully big download (27.8 MB), considering that the only way to update it is to download the whole thing again! It installed itself on my desktop, without giving me a chance to select the install location, and couldn't be moved. May have improved since then, however; I haven't tried it again since. It uses the same engine as the full Kaspersky AV, which is quite good (though Avast is better), but it may not have its advanced heuristics (according to an old listing on AV-Comparatives, don't know if it still applies).
> As for Clam, I did find a "secondgrouptest" from Feb. 07 on AV-Comparatives where they tested ClamWin; it had an overall detection rate of 53%. Dismal, but it did better than Comodo AV!

Cheers for the info. What are your views Tarun? You tested Kaspersky recently?

EDIT: Tried Kaspersky, horrible, keeps trying to uninstall when I close, no option to update, not what I'm looking for at all unfortunately. Here is my log after the cleaning, anything else Tarun?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:21, on 04/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 2454 bytes
Administrator Tarun Posted December 5, 2008

Looks good to me. I've tried Kaspersky before but never cared much for it. Then again, I don't really care much for any av software since I don't have the need, but if I had to use any I'd pick avast for sure.
Ultimate Predator (Author) Posted December 5, 2008

So annoying there isn't an up-to-date avast on demand scanner.