Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

MALWARE OF SOME KIND .PLZ HELP - here is my hijackthis Scan!

Post by Dunken » January 11th, 2008, 1:51 pm

HI, THIS IS MY FIRST TIME HERE AND I'M SEEKING SOME PRO HELP :lol:

HERE IS MY HijackThis SCAN.

Problem :arrow:

I got this the first time when I tried to install my "BulletProofSoft.BPS.Spyware.Adware.Remover.v9.4.0.3".
I think I got some malware or virus in my system, because
I formatted my system and did a clean install of WIN XP,

but I still get this when I'm trying to install my BulletProofSoft.BPS.Spyware.Adware.Remover.v9.4.0.3
:arrow: ----
c:\windows\system32\progressbar4.ocx
Unable to register the DLL/OCX: RegSvr32 failed with exit code 0x3
-------------
and I have to do a rollback of the installation.

So please, can you help me?

Thanks.. Dunken ..
------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:35, on 2008-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\Lock My PC 4\lockpc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\Stardock\ObjectDock\ObjectDock.exe
C:\Program\Delade filer\Logitech\khalshared\KHALMNPR.EXE
C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Program\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\DunkeN\Skrivbord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O2 - BHO: Servicecenter Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program\Bredbandsbolaget\Servicecenter\IEFixItNowPlugin.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 6863 bytes
Dunken
Active Member
 
Posts: 3
Joined: January 11th, 2008, 1:35 pm

Re: MALWARE OF SOME KIND .PLZ HELP - here is my hijackthis Scan!

Post by SpotCheckBilly » January 14th, 2008, 10:35 pm

Hello Dunken,

Welcome to the MRU forums.

Sorry it has taken so long for someone to reply. As you can tell, it's very busy around here and often there are just not enough of us to keep up.

===Very Important===


The instructions in this thread have been specifically designed for THIS USER'S MACHINE ONLY. You should not use these instructions to clean your machine. Doing so could cause irreparable damage to your machine. If you need assistance, please start your own thread.

==


Something to keep in mind as we work through this fix. Please do not run any scans/tools or other fixes unless I ask you to. This is very important for two reasons:
1. Infections usually require that steps be done in specific order to make sure it is cleaned out completely.
2. Most of the tools that we use nowadays can cause irreparable damage to your computer if not used correctly.

Additionally, often it's easy to get confused during complex fixes, so if you are unsure about, or do not understand, a step -- do not skip the step. Please just stop and ASK! Always remember -- there is no such thing as a stupid question.

That being said, let's get started. :)

First things first. I would recommend that you not install BPS Spyware.Adware.Remover. See the Rogue/Suspect Programs for more information on this product. You already have a very good anti-spyware product installed (AVG). If you feel that you need more protection, Windows Defender, which is free, also provides good protection.

There is very little going on in your HijackThis log. Nothing really looks suspicious but there are a couple of minor things that we can take care of.

Please disable AVG Anti-Spyware until the computer is clean.
  • Double-click the AVG Anti-Spyware icon in the system tray.
  • In the Resident Shield section:
  • Toggle the AVG Anti-Spyware active protection off by clicking Change state.
  • Status will switch to inactive.
Note: If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield. Reply No and set it to inactive for the duration of your cleanup.

Don't forget to re-enable it, when your computer is clean.

Run HiJackThis and click "Do a system scan only", then check (tick) the following, if present:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)

O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)

With all windows closed except HiJackThis, click "Fix checked".

If you're having any difficulties other than the installation/registration error that you described, please give me the details -- be as specific as possible -- along with a fresh HijackThis log. We can dig deeper if we need to. :wave:

SpotCheckBilly
SpotCheckBilly
MRU Master
 
Posts: 943
Joined: February 22nd, 2005, 5:14 am
Location: Twin Cities, MN
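
The selection made in the reply above, the entries HijackThis itself marks "(no file)" or "(file missing)", can be scripted when triaging a saved log. This is an added example, not part of the original posts and not HijackThis code; the function names are hypothetical, and the sample lines are copied from the log posted in this thread.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: BTTray.lnk = ?
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# Scan entries start with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per scan entry; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": match.group("section"),
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": body.endswith(ORPHAN_MARKERS),
            "raw": line,
        })
    return entries


def orphaned_entries(log_text):
    """Entries whose target file is gone: leftovers, not proof of infection."""
    return [e for e in parse_entries(log_text) if e["orphaned"]]


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(entry["section"], entry["clsid"], "->", entry["raw"])
```

An orphaned entry only shows that a registration outlived its file, so each one still needs a human decision before it is fixed.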

Re: MALWARE OF SOME KIND .PLZ HELP - here is my hijackthis Scan!

Post by Dunken » January 15th, 2008, 4:05 pm

Thx..

I did like you told me, and thanks about BPS bulletproof. I'm going to use AVG Anti-Spyware..

I'll post again if I get more problems.
Dunken
Active Member
 
Posts: 3
Joined: January 11th, 2008, 1:35 pm

Re: MALWARE OF SOME KIND .PLZ HELP - here is my hijackthis Scan!

Post by SpotCheckBilly » January 15th, 2008, 6:57 pm

Hello Dunken,

I'm glad everything is working well now. That page with the Rogue/Suspect programs is a good one to bookmark as a reference page. Bogus anti-spyware/anti-malware programs are everywhere, and that page keeps very good track of them.

If you run into any more problems, start a new thread and we will be happy to help you. :wave:

SpotCheckBilly
SpotCheckBilly
MRU Master
 
Posts: 943
Joined: February 22nd, 2005, 5:14 am
Location: Twin Cities, MN

Re: MALWARE OF SOME KIND .PLZ HELP - here is my hijackthis Scan!

Post by Gary R » January 16th, 2008, 5:26 am

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
Gary R
Administrator
 
Posts: 21775
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire