Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help...Here is hijackthis log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Please help...Here is hijackthis log

Unread postby neech » January 23rd, 2008, 5:35 pm

PLEASE NOTE:
MY H AND I DRIVES ARE IPODS...I FORMATTED THEM WITH INBUILT FORMAT FUNCTION WITHIN THE IPOD...SO I WILL NO LONGER CONNECT THEM TO MY PC UNTIL ITS CLEANED
NOW NAV 2007 POPS UP TROJANS SECURITY RISKS

HERE IS THE SYSCLEAN LOG:



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2008-01-21, 10:54:35, Auto-clean mode specified.
2008-01-21, 10:54:35, Running scanner "C:\Documents and Settings\B h a r a t\Desktop\Sysclean\TSC.BIN"...
2008-01-21, 10:57:23, Scanner "C:\Documents and Settings\B h a r a t\Desktop\Sysclean\TSC.BIN" has finished running.
2008-01-21, 10:57:23, TSC Log:

2008-01-21, 10:57:27, An error was detected on "C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\*.*": Access is denied.
2008-01-21, 10:57:27, An error was detected on "C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\*.*": Access is denied.
2008-01-21, 10:57:57, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2008-01-21, 10:58:16, An error was detected on "D:\System Volume Information\*.*": Access is denied.
2008-01-21, 11:23:11, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/21/2008 10:58:18
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 951 (249931 Patterns) (2008/01/17) (495100)
Command Line: C:\Documents and Settings\B h a r a t\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\B h a r a t\Desktop\Sysclean

C:\RECYCLER\S-1-5-21-839522115-57989841-1801674531-1003\Dc21\Quarantine\H\autorun.inf.vir [Possible_Otorun1]
28957 files have been read.
28957 files have been checked.
28928 files have been scanned.
67222 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/21/2008 11:23:09
---------*---------*---------*---------*---------*---------*---------*---------*
2008-01-21, 11:23:11, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/21/2008 10:58:17
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 951 (249931 Patterns) (2008/01/17) (495100)
Command Line: C:\Documents and Settings\B h a r a t\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\B h a r a t\Desktop\Sysclean

28957 files have been read.
28957 files have been checked.
28928 files have been scanned.
67222 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/21/2008 11:23:09 24 minutes 50 seconds (1490.20 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2008-01-21, 11:23:11, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/21/2008 10:58:17
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 951 (249931 Patterns) (2008/01/17) (495100)
Command Line: C:\Documents and Settings\B h a r a t\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\B h a r a t\Desktop\Sysclean

28957 files have been read.
28957 files have been checked.
28928 files have been scanned.
67222 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/21/2008 11:23:09 24 minutes 50 seconds (1490.20 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2008-01-21, 11:23:11, Scanner "C:\Documents and Settings\B h a r a t\Desktop\Sysclean\VSCANTM.BIN" has finished running.
2008-01-21, 11:36:21, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/21/2008 11:23:12
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 951 (249931 Patterns) (2008/01/17) (495100)
Command Line: C:\Documents and Settings\B h a r a t\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\B h a r a t\Desktop\Sysclean

3103 files have been read.
3103 files have been checked.
3102 files have been scanned.
18335 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/21/2008 11:36:17
---------*---------*---------*---------*---------*---------*---------*---------*
2008-01-21, 11:36:21, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/21/2008 11:23:12
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 951 (249931 Patterns) (2008/01/17) (495100)
Command Line: C:\Documents and Settings\B h a r a t\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\B h a r a t\Desktop\Sysclean

3103 files have been read.
3103 files have been checked.
3102 files have been scanned.
18335 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/21/2008 11:36:17 13 minutes 4 seconds (783.58 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2008-01-21, 11:36:21, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/21/2008 11:23:12
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 951 (249931 Patterns) (2008/01/17) (495100)
Command Line: C:\Documents and Settings\B h a r a t\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\B h a r a t\Desktop\Sysclean

3103 files have been read.
3103 files have been checked.
3102 files have been scanned.
18335 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/21/2008 11:36:17 13 minutes 4 seconds (783.58 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2008-01-21, 11:36:21, Scanner "C:\Documents and Settings\B h a r a t\Desktop\Sysclean\VSCANTM.BIN" has finished running.
--------------------------------------------------------------------------------------------------------------------

HERE IS THE COMBOFIX LOG:

ComboFix 08-01-23.1 - B h a r a t 2008-01-23 13:09:41.12 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.129 [GMT -8:00]
Running from: C:\Documents and Settings\B h a r a t\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\B h a r a t\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\uxdeiect.com
D:\uxdeiect.com
E:\uxdeiect.com
F:\uxdeiect.com
G:\uxdeiect.com
.

((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 13:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 07:17 . 2008-01-23 07:21 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-23 07:16 . 2008-01-23 07:19 <DIR> d-------- C:\Program Files\Symantec
2008-01-23 07:16 . 2008-01-23 07:19 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-23 07:16 . 2008-01-23 07:19 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-23 07:16 . 2008-01-23 07:19 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-23 07:16 . 2008-01-23 07:19 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-23 06:45 . 2008-01-23 11:58 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-23 05:18 . 2007-04-23 02:15 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-23 05:17 . 2008-01-23 05:18 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-22 14:18 . 2008-01-22 14:18 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-22 04:04 . 2008-01-23 05:50 <DIR> d--hs---- C:\INCINERATE
2008-01-22 03:41 . 2008-01-23 12:54 1,399 --a------ C:\WINDOWS\SysMech6.INI
2008-01-22 03:37 . 2008-01-22 03:37 <DIR> d-------- C:\Program Files\iolo
2008-01-22 03:37 . 2006-12-20 17:48 1,212,416 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-01-22 03:37 . 2006-03-28 01:54 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-01-22 03:37 . 2005-09-12 13:20 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-01-22 03:37 . 2006-03-28 01:54 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2008-01-21 14:11 . 2008-01-21 14:11 <DIR> d-------- C:\Program Files\CCleaner
2008-01-21 11:50 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-21 04:16 . 2008-01-21 04:16 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-20 13:02 . 2008-01-21 00:17 <DIR> d-------- C:\Program Files\LeechGet 2004
2008-01-18 07:37 . 2008-01-18 07:38 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-18 07:37 . 2008-01-18 07:37 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-18 04:06 . 2008-01-18 04:06 0 --a------ C:\WINDOWS\PowerReg.dat
2008-01-18 04:04 . 2008-01-18 04:04 <DIR> d-------- C:\Program Files\NovaLogic
2008-01-18 04:03 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-12 02:19 . 2008-01-12 02:19 <DIR> d-------- C:\Program Files\Camfrog
2008-01-11 22:24 . 2008-01-11 22:24 <DIR> d-------- C:\WINDOWS\PaltalkScene
2008-01-11 22:24 . 2008-01-18 11:44 <DIR> d-------- C:\Program Files\Paltalk Messenger
2008-01-11 22:15 . 2004-05-11 08:14 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-01-11 22:15 . 2006-05-11 18:32 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-01-11 22:15 . 2006-12-12 14:15 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2008-01-11 22:15 . 2006-11-12 13:44 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2008-01-11 22:15 . 2005-11-10 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-01-11 22:15 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-01-11 22:15 . 2004-01-03 00:08 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-01-11 22:15 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-01-11 22:15 . 2005-07-11 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-01-11 02:09 . 2008-01-11 02:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-09 22:36 . 2008-01-09 22:36 <DIR> d-------- C:\Program Files\Broadcom
2008-01-09 22:36 . 2006-11-21 04:25 45,568 -ra------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2008-01-09 11:19 . 2007-10-30 09:20 360,064 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-01-09 08:43 . 2004-07-13 20:16 139,264 --a------ C:\WINDOWS\system32\UStorSrv.exe
2008-01-09 08:43 . 2004-07-26 02:34 139,264 --a------ C:\WINDOWS\system32\OPDSL.DLL
2008-01-05 23:32 . 2008-01-05 23:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-05 02:12 . 2008-01-05 02:12 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-01-05 01:45 . 2008-01-05 01:45 <DIR> d-------- C:\Program Files\eRightSoft
2008-01-04 03:13 . 2008-01-04 03:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-25 09:52 . 2007-12-25 09:53 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-23 13:39 . 2007-12-23 13:39 <DIR> d-------- C:\Program Files\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 16:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-11 11:22 --------- d-----w C:\Program Files\WebcamMax
2007-12-22 09:46 --------- d-----w C:\Program Files\DIFX
2007-12-22 09:45 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-22 09:45 --------- d-----w C:\Program Files\Nokia
2007-12-22 09:45 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-12-22 09:45 --------- d-----w C:\Program Files\Common Files\Nokia
2007-12-16 08:28 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-16 08:28 --------- d-----w C:\Program Files\Ahead
2007-12-14 11:01 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-13 18:15 --------- d-----w C:\Program Files\Java
2007-12-13 16:46 --------- d-----w C:\Program Files\Common Files\Java
2007-12-11 16:49 --------- d-----w C:\Program Files\Real
2007-12-11 16:49 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-11 16:49 --------- d-----w C:\Program Files\Common Files\Real
2007-12-11 15:03 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-11 14:28 --------- d-----w C:\Program Files\Windows Live
2007-12-10 18:20 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-10 14:16 --------- d-----w C:\Program Files\Microsoft LifeCam
2007-12-10 12:42 --------- d-----w C:\Program Files\Dell Support
2007-12-10 11:44 --------- d-----w C:\Program Files\eLitecore
2007-12-10 10:14 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-10 09:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-10 09:34 --------- d-----w C:\Program Files\SigmaTel
2007-12-10 09:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-10 09:31 5 ----a-w C:\WINDOWS\system32\drivers\DELL__.MRK
2007-12-10 09:31 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL__.MRK
2007-12-10 09:30 --------- d-----w C:\Program Files\Dell
2007-12-10 08:54 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-10 08:48 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-10 08:42 --------- d-----w C:\Program Files\Microsoft Games
2007-12-10 08:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 08:41 --------- d-----w C:\Program Files\Microsoft PowerToys
2007-12-10 08:41 --------- d-----w C:\Program Files\HashTab Shell Extension
2007-11-07 09:50 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-06 17:20 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 10:26 15360]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 17:47 557056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-06-29 15:55 994096]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-11 08:49 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 10:29 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 11:41 771704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\B h a r a t\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-08-16 14:07:08 147456]

R0 ENO;ENO;C:\WINDOWS\system32\drivers\ENO.sys [2003-10-22 12:57]
R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2006-07-02 22:39]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 12:11]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS [2001-08-17 12:11]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-06-29 15:56]

*Newly Created Service* - AUTOMATIC_LIVEUPDATE_SCHEDULER
*Newly Created Service* - CCEVTMGR
*Newly Created Service* - CCSETMGR
*Newly Created Service* - CLTNETCNSERVICE
*Newly Created Service* - LIVEUPDATE
*Newly Created Service* - NAVENG
*Newly Created Service* - NAVEX15
*Newly Created Service* - SPBBCDRV
*Newly Created Service* - SRTSP
*Newly Created Service* - SRTSPX
*Newly Created Service* - SYMANTEC_CORE_LC
*Newly Created Service* - SYMAPPCORE
*Newly Created Service* - SYMEVENT
.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 15:22:19 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - B h a r a t.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 13:11:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-23 13:12:26
.
2008-01-09 23:09:47 --- E O F ---
--------------------------------------------------------------------------------------------------------------------

HERE IS THE HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\LeechGet 2004\LeechGet.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\B h a r a t\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C19D9DE2-DD61-4577-9B1A-0648D1B03F44}: NameServer = 172.16.77.254
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6112 bytes
---------------------------------------------------------------------------------------------------------------------
neech
Regular Member
 
Posts: 24
Joined: December 12th, 2007, 5:44 pm
Advertisement
Register to Remove

Re: Please help...Here is hijackthis log

Unread postby gringo_pr » January 27th, 2008, 10:32 am

hello neech

how is the PC doing now? are you still getting warnings from norton?

: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
    • The log can also be found here:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
      • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Now you should not have a problem running kaspersky so I want you to try again

:Run Kaspersky Online AV Scanner:

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply

before your next post I want you to reboot your PC and give me a new log from hijackthis


so in your next post let me
  • know how the PC is doing
  • have the log from Malwarebytes' Anti-Malware
  • have the log from Kaspersky Online AV Scanner
  • have the log from hijackthis

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Please help...Here is hijackthis log

Unread postby neech » January 27th, 2008, 4:19 pm

hello gringo

  • I usually don't get pop ups from norton antivirus...But sometimes when i browse websites(any) in the browser, the NAV shows pop ups whenever the yellow active X installation thing comes in the browser....The active X Says "Do you want to install html editor from microsoft coportation"...I don't install it...and just select "Dont Install"...

  • Malwarebytes' AntiMalware log:
    Malwarebytes' Anti-Malware 1.01
    Database version: 287

    Scan type: Full Scan (C:\|D:\|F:\|G:\|)
    Objects scanned: 50388
    Time elapsed: 17 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\B h a r a t\My Documents\GTA3\mythxpak.exe (Trojan.Agent) -> Quarantined and deleted successfully.


  • Kaspersky Online AV scanner log
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    2008-01-27 11:20
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 27/01/2008
    Kaspersky Anti-Virus database records: 534108
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 34856
    Number of viruses found: 1
    Number of infected objects: 2
    Number of suspicious objects: 0
    Duration of the scan process: 01:03:02

    Infected Object Name / Virus Name / Last Action
    C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-27_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\64F47B43.TMP Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\C6AB8D95.TMP Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
    C:\Documents and Settings\B h a r a t\Application Data\GTek\GTUpdate\AUpdate\DellSupport\AUPNP.log Object is locked skipped
    C:\Documents and Settings\B h a r a t\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
    C:\Documents and Settings\B h a r a t\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
    C:\Documents and Settings\B h a r a t\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
    C:\Documents and Settings\B h a r a t\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
    C:\Documents and Settings\B h a r a t\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\B h a r a t\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\B h a r a t\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\B h a r a t\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\B h a r a t\Local Settings\History\History.IE5\MSHist012008012720080128\index.dat Object is locked skipped
    C:\Documents and Settings\B h a r a t\Local Settings\Temp\~DF5093.tmp Object is locked skipped
    C:\Documents and Settings\B h a r a t\Local Settings\Temp\~DF50BD.tmp Object is locked skipped
    C:\Documents and Settings\B h a r a t\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\B h a r a t\Local Settings\Temporary Internet Files\Content.IE5\X163VNT9\rotate[1].htm Object is locked skipped
    C:\Documents and Settings\B h a r a t\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\B h a r a t\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{E6386DF4-5348-4AD1-A145-A82D38E14BA0}\RP8\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
    D:\Bharat\Programs\Pc tech bootable cds\Emrgncy-Boot-CD-6-0-1.Final.iso/Program Files/UltraVNC/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
    D:\Bharat\Programs\Pc tech bootable cds\Emrgncy-Boot-CD-6-0-1.Final.iso ISOimage: infected - 1 skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{E6386DF4-5348-4AD1-A145-A82D38E14BA0}\RP8\change.log Object is locked skipped

    Scan process completed.


  • Hijackthis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:54, on 2008-01-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\vVX6000.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
    C:\WINDOWS\Integrator.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\B h a r a t\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
    O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html
    O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html
    O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C19D9DE2-DD61-4577-9B1A-0648D1B03F44}: NameServer = 172.16.77.254
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 5900 bytes
neech
Regular Member
 
Posts: 24
Joined: December 12th, 2007, 5:44 pm

Re: Please help...Here is hijackthis log

Unread postby gringo_pr » January 28th, 2008, 12:57 am

Hello neech

: Remove bad HijackThis entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

:uninstall some programs:

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add remove programs
click on the following programs
Java(TM) 6 Update 3
and click on remove


: Update Java :

Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.
  • Download the latest version of Java(TM) SE Runtime Environment 6u4.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.


: Recovery Console :

we need to install the Recovery Console on this computer
this is very important it could save you later

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Image

the one for you is Windows XP Service Pack 2 (SP2)

Download the file & save it as it's originally named, next to ComboFix.exe.



Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

## Important ##
This is a precautionary measure. Please do not reboot the machine until we have reviewed the log & responded to you.


: information and logs :

In your next post I need the following

    1.the CF_RC.txt log
    2.by chance do you mean Mewsoft (not Microsoft) HTML Installer
    3.don't worry we are getting close
    4.a new hijackthis log

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Please help...Here is hijackthis log

Unread postby neech » January 31st, 2008, 2:21 am

hello gringo

  • CF-RC Log:
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


  • I didnt mean mewsoft...i meant microsoft...There are two activeX which usually displays...Microsoft html editor and Microsoft remote data server services

  • Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12, on 2008-01-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\B h a r a t\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C19D9DE2-DD61-4577-9B1A-0648D1B03F44}: NameServer = 172.16.77.254
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6063 bytes


Please note: What about the viruses and trojans detected in the Kapersky Online AV Scanner? How to remove them?
neech
Regular Member
 
Posts: 24
Joined: December 12th, 2007, 5:44 pm

Re: Please help...Here is hijackthis log

Unread postby Elrond » January 31st, 2008, 4:04 am

There is no need to scream at the helper. He is a volunteer that gives his time freely to help you. His questions are completely relevant and needs to be asked to be sure of what is going on.
The Kaspersky log is clean. It is all either legitimate files or files that are already removed and will be taken care of when gringo tells you that the computer is clean.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Please help...Here is hijackthis log

Unread postby gringo_pr » January 31st, 2008, 4:45 am

Hello neech
Please note: What about the viruses and trojans detected in the Kapersky Online AV Scanner? How to remove them?

D:\Bharat\Programs\Pc tech bootable cds\Emrgncy-Boot-CD-6-0-1.Final.iso/Program Files/UltraVNC/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
D:\Bharat\Programs\Pc tech bootable cds\Emrgncy-Boot-CD-6-0-1.Final.iso ISOimage: infected - 1 skipped

these are the lines that were flaged by kaspersky if you look at the program you will see that it is not a virus but a tool that can be misused
if you would like to remove them then uninstall the program and delete this folder D:\Bharat\Programs\Pc tech bootable cds


This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are

: Clean temp files :

Download and Run AFT Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program



Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Image

remove tools

Let's clear out the programmes we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.


Please download OTMoveIt and save it to desktop.
  • Double click OTMoveIt.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • When finished exit out of OTMoveIt
  • The tool will delete itself once it finishes, if not delete it by yourself.

Set correct settings for files that should be hidden in Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please check Hide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK

clear system restore points

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.


Make your Internet Explorer more secure - This can be done by following these simple instructions:

I would like you to check this link on how to make IE7 more secure: http://surfthenetsafely.com/ieseczone8.htm

Turn On Automatic Updates

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



antispyware programs

you have a couple of good antispyware programs on this computer but you still can try some of these others to see if you like them also

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spybot Search & Destroy - Spybot is a tool like Ad-Aware SE whereas it seeks out and removes known spyware from your machine. These two tools (Ad-Aware & spybot) are perfect complements to each other as one will most always find something the other missed.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • IE_Spyad - Works by placing known "bad" sites into your Internet Explorer "Restricted Zones" prohibiting them from doing potentially problematic things to your computer.


Consider a custom hosts file

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Use an alternative Internet Browser

Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead.

Maxthon Browser
Firefox
Opera
K-Meleon


Also please read this great article by Tony Klein So How Did I Get Infected In First Place

Now you have followed my advice - it's time to lodge a complaint against what you have suffered.........

Malware Complaints
If you were infected .... Stand Up and be Counted.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

well I will say if you are going to study you have a real good jumpstart with this computer, you have done well as a victim, now I hope you do well as a fighter and I hope to see you in the forum if you have any questions just ask!

about the Microsoft html editor and Microsoft remote data server services don't realy know what to say, check the sites that this happens on,

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Please help...Here is hijackthis log

Unread postby neech » February 1st, 2008, 9:23 am

Elrond wrote:There is no need to scream at the helper. He is a volunteer that gives his time freely to help you. His questions are completely relevant and needs to be asked to be sure of what is going on.
The Kaspersky log is clean. It is all either legitimate files or files that are already removed and will be taken care of when gringo tells you that the computer is clean.



I havent screamed n i didnt mean to...it was just that i thought maybe gringo had forgotten about it...It was just a reminder
neech
Regular Member
 
Posts: 24
Joined: December 12th, 2007, 5:44 pm

Re: Please help...Here is hijackthis log

Unread postby Elrond » February 4th, 2008, 2:08 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 22 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware