Hi. I just got myself a new copy of Windows XP SP2 with updates till May/2007. But when I tried to install Outpost Firewall and avast AV I had several issues (like Outpost saying C:\Windows\system32\services.exe trying to shut it down after 5 mins of computer freezing every startup, and avast on-access protection not able to initialize). It worked out eventually after many reboots and getting the latest updates from Microsoft.
I'd like to know if there's any possibility of this Windows copy being compromised (I'm about to install it on other PCs), so I did a HijackThis scan and I'd be very thankful if anyone can check it out for me.
Things I've already done:
Scanned PC with avast PRO fully updated. Scanned with Outpost updated. Scanned with Spy Sweeper updated till definitions v866.
Ran CCleaner and fixed the errors on Windows sections.
Rebooted (normal mode - loading every startup program) and ran HijackThis scan.
Went to www.hijackthis.de and analysed my log - saying it's clean, but still I'd like to know if this Windows copy is safe to install on other PCs.
I did a clean Windows install of XP SP2 with IE7, WMP 11. Went to Windows Update and got all high priority updates available.
Non-Microsoft programs I installed: Outpost, Avast, Spy Sweeper, CCleaner, Power DVD 7, Nero Burning ROM Micro, DVD Shrink 3.2, uTorrent, WinRAR 3.7, Foxit Reader 2.
Here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 10:30:27, on 22/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Agnitum\Outpost Firewall\outpost.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\SSU.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\HijackThis\Analyse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\Arquivos de programas\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Arquivos de programas\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1182461380377
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Arquivos de programas\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe
HJT log
Started by gustavomed, Jun 22 2007 02:54 PM
#2
Posted 22 June 2007 - 09:57 PM
The log looks ok but if you're using a hacked version of Windows there is no telling what the person could have done to it.
#3
Posted 22 June 2007 - 10:48 PM
Cool, thanks for analysing that log, really appreciate it.
Between my post and your reply I ran a Kaspersky scan and it also showed nothing. So considering the clean install and no signs of malware by many of the best anti-spy/virus, and showing a clean HijackThis log, I think I can stop concerning. About the copy, yes it was handed to me, but original owner says the WinXP SP2 is untouched, with the addition of the updates on an extra folder. I scanned the CD as well, all negative.
Anyway, thanks again
Regards
Gustavo