Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hello,my Hijackthis log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hello,my Hijackthis log

Unread postby draco76 » February 16th, 2007, 4:28 pm

Hello very new to all this can i have your help pls?
Logfile of HijackThis v1.99.1
Scan saved at 10:22:31 ìì, on 16/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Personal Firewall\CPF.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ã
draco76
Active Member
 
Posts: 6
Joined: February 16th, 2007, 6:39 am
Advertisement
Register to Remove

Unread postby Shaba » February 18th, 2007, 6:13 am

Hi draco76

Do you have any specific problems?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby draco76 » February 18th, 2007, 6:53 am

Hello Shaba
My computer looks ok but i wanted to be checked before i ask you to join the university .Also i have two questions: 1) What is 011 and 021? Can you give me details so i can understand because i am learning by myself and i don't know much. I am sending you a new hijackthis log to check..
Logfile of HijackThis v1.99.1
Scan saved at 12:45:13 ìì, on 18/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Personal Firewall\CPF.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ã
draco76
Active Member
 
Posts: 6
Joined: February 16th, 2007, 6:39 am

Unread postby Shaba » February 18th, 2007, 7:02 am

Hi

011 is related to Internet Explorer 7

021

02 BHO SSV helperclass and the 09 Extra tools menu item Sun Java Console are related to Sun Java and are ok :)

016 DPF YInst Starter Class is related to yahoo! messenger, link

Have you set these by yourself?

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby draco76 » February 18th, 2007, 7:18 am

:? so... listen to my story
I live in a small island and a friend gave me her pc to learn.It was full of thinks that i didn't need,so a "friend" ( :evil: ) that i've asked for help he told it would be better to clean and make a format.He said that i wouldn't have any problems with my windows but he knew that by doing that it was illegal and i think he did it to take the windows number :cry: now i've already done to formats the second was from a mechanic we have here.He said that everything is ok but ... I want to be honest 1) I don't know if windows are ok ,meaning legal and 2)in summer i want to get a new pc and a new copy of windows but can i have your help ?
The two R0 was nat set by me what can i do?
If you cannot help i'll understand thanks
draco76
Active Member
 
Posts: 6
Joined: February 16th, 2007, 6:39 am

Unread postby Shaba » February 18th, 2007, 7:30 am

Hi

We can validate your windows if you like

If you buy a new pc then choose one with windows already installed.

For those R0 lines:

Open HijackThis, click do a system scan only and checkmark these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank


Close all windows including browser and press fix checked.

Reboot and those entries should be gone :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby draco76 » February 18th, 2007, 7:46 am

he has validate them and microsoft accepts them its just that its not OEM because he has a small school for computers which i cannot go now because i have two children :lol: so i told you all this to tell me if i am clean and ok to join the MRU and how i do that.
Thank you for your help about these entries i'll be right back
draco76
Active Member
 
Posts: 6
Joined: February 16th, 2007, 6:39 am

Unread postby Shaba » February 18th, 2007, 7:55 am

Hi

So is your copy of windows some kind of corporate edition?

Your log is ok except those two entries.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby draco76 » February 18th, 2007, 8:21 am

sorry i'll be back in afternoon i have to go when i called microsoft they said its a number that companies use probably its because its professional sp2 but not home edition.
second i fixed these entries but its also R0 local page that it has nothing is that bad? have a look thank yopu i'll be back later
Logfile of HijackThis v1.99.1
Scan saved at 2:21:36 ìì, on 18/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Personal Firewall\CPF.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ã
draco76
Active Member
 
Posts: 6
Joined: February 16th, 2007, 6:39 am

Unread postby Shaba » February 18th, 2007, 9:06 am

Hi

That R0 line has no value set; you can fix it if you like.

I suggest that you visit here and post back results, please :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby draco76 » February 19th, 2007, 4:32 pm

Hello again
First i have to go to our mechanic and ask him how to send something on the internet cause i don't know.
I went to the page i made the work with the tool of windows validation assisant and it says that my system is authentic but couln't come to total conclusion so i have to find time and take my tower back to him and do this from his place with his cd which is not very easy for me now it will take me a few days.I will try to send you what microsoft said but its all in greek :? ,anyway I'll send it I'll do copy and paste that's the only way i know

Åõ÷áñéóôïýìå ðïõ åêôåëÃ
draco76
Active Member
 
Posts: 6
Joined: February 16th, 2007, 6:39 am

Unread postby Shaba » February 20th, 2007, 4:46 am

Hi

Ok, I expect to hear from you in the near future :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby markkhunt » March 3rd, 2007, 10:37 am

Whilst we appreciate that you may be busy, it has been 10 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
markkhunt
Admin/Teacher Emeritus
 
Posts: 7911
Joined: April 15th, 2005, 8:58 pm
Location: Newburgh, IN
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 39 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware