Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Dunno what to do

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Dunno what to do

Unread postby Etzo » March 24th, 2008, 2:44 pm

Pls help us

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:24, on 24.3.2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\winnt\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
D:\Ware\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\F-SECURE ROX\Anti-Virus\fsgk32st.exe
C:\Program Files\F-SECURE ROX\Anti-Virus\FSGK32.EXE
C:\Program Files\F-SECURE ROX\Common\FSMA32.EXE
C:\winnt\System32\nvsvc32.exe
C:\Program Files\F-SECURE ROX\Common\FSMB32.EXE
C:\winnt\system32\regsvc.exe
C:\winnt\system32\MSTask.exe
C:\Program Files\F-SECURE ROX\Common\FCH32.EXE
C:\winnt\system32\stisvc.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\winnt\system32\svchost.exe
C:\Winnt\Q2F0aGVyaW5lICBOb3Jkc3Ryb20\command.exe
C:\Program Files\F-SECURE ROX\Anti-Virus\fsqh.exe
C:\Program Files\F-SECURE ROX\Common\FAMEH32.EXE
C:\Program Files\F-SECURE ROX\FSAUA\program\fsaua.exe
C:\Program Files\F-SECURE ROX\FWES\Program\fsdfwd.exe
C:\Program Files\F-SECURE ROX\FSAUA\program\fsus.exe
C:\Program Files\F-SECURE ROX\Anti-Virus\fssm32.exe
C:\winnt\Explorer.EXE
C:\Program Files\TeleWell TW-IA300C ADSL\CnxDslTb.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\F-SECURE ROX\Common\FSM32.EXE
C:\Program Files\F-SECURE ROX\FSGUI\ispnews.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\F-SECURE ROX\FSGUI\fsguidll.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\winnt\System32\SCardSvr.exe
C:\winnt\system32\taskmgr.exe
D:\Ware\Foobar\foobar2000.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\F-SECURE ROX\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\winnt\System32\svchost.exe
C:\WINNT\explorer.exe
D:\Ware\Hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\TeleWell TW-IA300C ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-SECURE ROX\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-SECURE ROX\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-SECURE ROX\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Ohjelmia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "g:\steam\steam.exe" -silent
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Ohjelmia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
http://appdirectory.messenger.msn.com/A ... ngctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... owdown.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Ohjelmia\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-SECURE ROX\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-SECURE ROX\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-SECURE ROX\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-SECURE ROX\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2F0aGVyaW5lICBOb3Jkc3Ryb20\command.exe

--
End of file - 6995 bytes
Etzo
Banned Member
 
Posts: 99
Joined: March 21st, 2007, 11:05 am
Advertisement
Register to Remove

Re: Dunno what to do

Unread postby askey127 » March 28th, 2008, 2:41 pm

Hi Etzo,
----------------------------------------------------------
Download and Install CCleaner
  • Download CCleaner from here . Choose the Slim version.
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish
-----------------------------------------------------------
Stop, Disable and Delete A Service
Go to Start, Run OR Start, Programs, Accessories, Command Prompt and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find the service.

Command Service

Click once on the service to highlight it.
Right-Click on the service. Click on Properties
Select the General tab.
Next to Service Status, click Stop.
Click the Arrow-down tab on the right-hand side of the Start-up Type box.
From the drop-down menu, click on Disabled
Click Apply , then OK

Delete the Service
Open HiJackThis. Click on Config, Misc Tools, Delete an NT Service
Type cmdService in the space provided and click OK
The program will ask you to REBOOT --- Accept.

Sign in to your usual account.
Using Windows Explorer, locate and DELETE the following folder (if it still is present):
C:\WINDOWS\Q2F0aGVyaW5lICBOb3Jkc3Ryb20\
-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply, along with CCleaner's install.txt..
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Dunno what to do

Unread postby NonSuch » April 7th, 2008, 11:44 pm

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27305
Joined: February 23rd, 2005, 7:08 am
Location: California


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 70 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware