Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

some things better, still loads slowly or has trouble doing

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

some things better, still loads slowly or has trouble doing

Unread postby stevemel2003 » July 21st, 2007, 4:16 pm

Logfile of HijackThis v1.99.1
Scan saved at 4:10:00 PM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
stevemel2003
Active Member
 
Posts: 5
Joined: July 18th, 2007, 6:43 pm
Advertisement
Register to Remove

Unread postby askey127 » July 21st, 2007, 5:26 pm

Hi stevemel2003,
-----------------------------------------------------------
YOU HAVE NO ANTI-VIRUS PROGRAM
Download just one of these free anti-virus programs, update it and run a full scan. Have it fix anything it finds.
*Grisoft AVG from here : http://free.grisoft.com/doc/1
*AntiVir Free from here : http://www.free-av.com/
*Avast Home Edition from here : http://www.avast.com/eng/down_home.html
------------------------------------------------------------
Update your Java.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel > Add/Remove Programs.
  • Check any item with Java Runtime Environment, JRE, J2SE, or Java Webstart in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all installed versions of Java.
  • Reboot your computer once all Java components are removed.

Then download the latest version of Java Runtime Environment(JRE), and install it to your computer.

Now tell me what problenms you are having with your PC, and tell me if you still use AOL..
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13897
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

better but

Unread postby stevemel2003 » July 21st, 2007, 8:37 pm

- <history>
- <!-- 01c7cbb5f4ac7350
-->
- <rec time="2007/07/21 16:41:15" user="Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/21 17:47:04" user="Owner" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2007/07/21 17:48:57" user="Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/21 18:21:46" user="Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/21 19:16:22" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093163.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">BackDoor.Agent.2.H</attr>
</rec>
- <rec time="2007/07/21 19:16:24" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093164.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">BackDoor.Agent.2.H</attr>
</rec>- <history>
- <!-- 01c7cbb5f4ac7350
-->
- <rec time="2007/07/21 16:41:15" user="Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/21 17:47:04" user="Owner" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2007/07/21 17:48:57" user="Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/21 18:21:46" user="Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/21 19:16:22" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093163.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">BackDoor.Agent.2.H</attr>
</rec>
- <rec time="2007/07/21 19:16:24" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093164.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">BackDoor.Agent.2.H</attr>
</rec>
- <rec time="2007/07/21 19:16:24" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093167.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Tinytest.A</attr>
</rec>
- <rec time="2007/07/21 19:16:25" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093169.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Startpage.3.AT</attr>
</rec>
- <rec time="2007/07/21 19:38:07" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\SYSTEM32\WebInstall.dll</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Tinytest.B</attr>
</rec>
- <rec time="2007/07/21 19:40:54" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\Temp\hp_upd.cab</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Startpage.3.AT</attr>
</rec>
- <rec time="2007/07/21 19:41:52" user="Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">6</attr>
</rec>
- <rec time="2007/07/21 19:41:55" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093163.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:55" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093164.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:56" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093167.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:56" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093169.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:56" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\SYSTEM32\WebInstall.dll</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:56" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\Temp\hp_upd.cab</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
</history>- <history>
- <!-- 01c7cbb5f4ac7350
-->
- <rec time="2007/07/21 16:41:15" user="Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/21 17:47:04" user="Owner" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2007/07/21 17:48:57" user="Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/21 18:21:46" user="Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/21 19:16:22" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093163.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">BackDoor.Agent.2.H</attr>
</rec>
- <rec time="2007/07/21 19:16:24" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093164.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">BackDoor.Agent.2.H</attr>
</rec>
- <rec time="2007/07/21 19:16:24" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093167.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Tinytest.A</attr>
</rec>
- <rec time="2007/07/21 19:16:25" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093169.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Startpage.3.AT</attr>
</rec>
- <rec time="2007/07/21 19:38:07" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\SYSTEM32\WebInstall.dll</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Tinytest.B</attr>
</rec>
- <rec time="2007/07/21 19:40:54" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\Temp\hp_upd.cab</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Startpage.3.AT</attr>
</rec>
- <rec time="2007/07/21 19:41:52" user="Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">6</attr>
</rec>
- <rec time="2007/07/21 19:41:55" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093163.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:55" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093164.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:56" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093167.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:56" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093169.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:56" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\SYSTEM32\WebInstall.dll</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:56" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\Temp\hp_upd.cab</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
</history>
- <rec time="2007/07/21 19:16:24" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093167.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Tinytest.A</attr>
</rec>
- <rec time="2007/07/21 19:16:25" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093169.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Startpage.3.AT</attr>
</rec>
- <rec time="2007/07/21 19:38:07" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\SYSTEM32\WebInstall.dll</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Tinytest.B</attr>
</rec>
- <rec time="2007/07/21 19:40:54" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\Temp\hp_upd.cab</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Startpage.3.AT</attr>
</rec>
- <rec time="2007/07/21 19:41:52" user="Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">6</attr>
</rec>
- <rec time="2007/07/21 19:41:55" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093163.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:55" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093164.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:56" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093167.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:56" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1783\A0093169.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:56" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\SYSTEM32\WebInstall.dll</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2007/07/21 19:41:56" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\Temp\hp_upd.cab</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
</history>
stevemel2003
Active Member
 
Posts: 5
Joined: July 18th, 2007, 6:43 pm

Unread postby askey127 » July 21st, 2007, 9:30 pm

stevemel2003,
During these posts and this process, Please do not Use System Restore, OR turn it off unless I instruct you to do so.
You do have some infected files backed up in System Restore. We will take care of those later.

There is possible evidence of a past backdoor trojan infection, called a remote access trojan-not sure yet. Do you use this computer for financial transactions like banking, investing, credit card purchases?
-----------------------------------------------------------
Download ATF Cleaner by Atribune © from here : http://www.atribune.org/ccount/click.php?id=1
It is a stand-alone program that does not need to be "installed". Save it to a convenient location and make a shortcut on your desktop.
Double-click ATF-Cleaner.exe or your shortcut to run the program.
Under Main, choose Select All
Click Empty Selected
When it tells you how much has been removed, click Exit to close.
-----------------------------------------------------------
Download and Run AVG Anti-Spyware:
(This is not the same as AVG AntiVirus)
Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply, along with the AVG Anti-Spyware report.
Also tell me about the uses of the computer. What symptoms are you having that I need to know about?
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13897
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby askey127 » July 22nd, 2007, 4:22 pm

stevemel2003,
There was a server memory error when you tried to post your logs. They were HUGE.

Two things:
  • Please post each log in a separate reply.
  • Be sure the logs are copied and pasted as unformatted plain text. If the files are saved and copied correctly as plain text, they are not loaded with <xxxxx> formatting words, as was your previous post. Can you tell it looks funny on the forum?

When you paste a reply to the forum here, you can choose Preview to see what it looks like before you SUBMIT the reply.

Thanks
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13897
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

formated unformated? hijack log . this right?

Unread postby stevemel2003 » July 27th, 2007, 6:41 pm

Logfile of HijackThis v1.99.1
Scan saved at 6:26:24 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
stevemel2003
Active Member
 
Posts: 5
Joined: July 18th, 2007, 6:43 pm

Unread postby askey127 » July 27th, 2007, 7:38 pm

-----------------------------------------------------------
Run AVG Anti-Spyware:
Open AVG-AntiSpyware
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.

Please post the report in a reply.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13897
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby NonSuch » August 8th, 2007, 2:23 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27228
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware