HJK log for Mikeswim07

Re: HJK log for Mikeswim07

Post by tmax » July 31st, 2008, 4:21 pm

Managed to open it, see below:
Tuesday, July 29, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version:
Program database last update: Tuesday, July 29, 2008 19:51:46
Records in database: 1023975

Scan settings:
Scan using the following database: extended
Scan archives: no
Scan mail databases: yes

Scan area - My Computer:

Scan statistics:
Files scanned: 73392
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 00:55:14

File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\system32\lanmanwrk.exe.vir Infected: Trojan.Win32.Pakes.jrt 1
C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dll.vir Infected: Trojan-Downloader.Win32.Mutant.aks 1
C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dl_.vir Infected: Trojan-Downloader.Win32.Mutant.aks 1

The selected area was scanned.
Regular Member
Posts: 27
Joined: July 2nd, 2008, 4:33 pm

Re: HJK log for Mikeswim07

Post by tmax » July 31st, 2008, 4:26 pm

Kasp scan above & here is today's HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:06, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Virgin Net Broadband\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveuk02.custhelp.com/7560-b440h ... a/RntX.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

End of file - 9413 bytes

Re: HJK log for Mikeswim07

Post by Elrond » August 1st, 2008, 3:12 am

All the logs look clean. Is your computer behaving itself?

Now for some cleanup of the tools we have used.

Go to Start > Run - type in ComboFix /u & click OK

Please download OTCleanIt from http://download.bleepingcomputer.com/ol ... leanIt.exe
Click the OTCleanIt icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OTCleanIt.

Now for some advice to help you keep your computer uninfected:
Your computer now seems to be clean. Therefore please

  1. Clean out Temporary Files etc.
    This program is for Vista, XP and Windows 2000 only
    Please download ATF Cleaner by Atribune.
    1. Double-click ATF-Cleaner.exe to run the program.
    2. Under Main choose: Select All. Then remove the check mark for cookies
    3. Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • Remove the check mark for Cookies
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked.
    If you use Opera browser
    • Click Opera at the top and
    • choose: Select All.
    • Remove the check mark for Cookies
    • Click the Empty Selected button.
    It is a good idea to do this every few weeks as a lot of junk collects there over time.

  2. Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked, please check Hide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

  3. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about the programs that you see in WinPatrol, please check out WinPatrol Plus. It does not need a new download.

  4. If you are using Internet Explorer v. 6
    Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
    There are good reasons to upgrade to Internet Explorer v. 7. Do look into this. You can find a lot of information about it on Microsoft's website.

  5. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

  6. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.

  7. Use a Firewall (Hardware or Software) - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

    Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.

  8. Never run two Antivirus programs or two Software Firewalls at the same time. They can interfere with each other and cause problems.

  9. Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.

  10. Update all programs regularly - Make sure you update all programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. The best way to keep updated is to download PSI Secunia from https://psi.secunia.com. It will help you keep your programs updated. Keep it updated. It is free for personal use.

  11. Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miek ... ntion.html that will give you more information on some of the points above.

  12. Use your best judgment when opening E-mails, following links, downloading programs, or surfing the web. If there is the slightest thing odd about something connected with any of those do not open, follow or download even if the sender is a friend. If it is a friend then ask if they really sent the information. They could be infected.
Follow this list and your potential for being infected again will reduce dramatically.

Stand up and be Counted.
NOW is the time you can start to hit back at the people who infected you.
Please take the time to go and complain - that forum has a topic for your infection which is other infections. Please post as a reply, you do not need to register to do so (but you can if you wish). It will also have a list of other places you can go to to register your complaint, depending on the country you are resident in. Please read the topics and complain, it is only with such complaints to government or government agencies that something will get done.
Admin/Teacher Emeritus
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
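
The Internet-zone changes in step 4 of the post above can also be checked from the registry. This is an added example, not part of the original post: it assumes PowerShell 3.0 or later and that the six settings correspond to Internet Explorer's URL-action values 1001, 1004, 1201, 1800, 1804 and 1607 under zone 3; the function name Test-InternetZone is hypothetical.

```powershell
# Added example: audit the Internet-zone settings listed in step 4.
# Assumptions: the numeric names are Internet Explorer's URL-action
# registry values under zone 3 (Internet); data 0 = Enable, 1 = Prompt,
# 3 = Disable. Group Policy, where configured, can override this per-user key.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$Recommended = @(
    @{ Action = '1001'; Want = 1; Name = 'Download signed ActiveX controls' }
    @{ Action = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' }
    @{ Action = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Action = '1800'; Want = 1; Name = 'Installation of desktop items' }
    @{ Action = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' }
    @{ Action = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)
$PolicyText = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZone {
    param(
        [string]$Key = $ZoneKey,
        [switch]$Fix   # write the recommended value where the current one differs
    )
    $props = Get-ItemProperty -Path $Key -ErrorAction Stop
    foreach ($r in $Recommended) {
        # Look the value up by name; a missing value yields $null, not an error.
        $prop    = $props.PSObject.Properties[$r.Action]
        $current = if ($prop) { [int]$prop.Value } else { $null }
        $ok      = ($null -ne $current) -and ($current -eq $r.Want)

        # Human-readable form of the current value for the report.
        if ($null -eq $current) { $shown = '(not set)' }
        elseif ($PolicyText.ContainsKey($current)) { $shown = $PolicyText[$current] }
        else { $shown = '0x{0:X}' -f $current }

        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $Key -Name $r.Action -Value $r.Want -Type DWord
        }
        [pscustomobject]@{
            Setting     = $r.Name
            Action      = $r.Action
            Current     = $shown
            Recommended = $PolicyText[$r.Want]
            Compliant   = $ok
            Changed     = (-not $ok -and [bool]$Fix)
        }
    }
}

# Report only; run "Test-InternetZone -Fix" to apply the recommended values.
Test-InternetZone | Format-Table -AutoSize
```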

Re: HJK log for Mikeswim07

Post by tmax » August 1st, 2008, 11:21 am

Thanks, I will work through the list this evening!
The computer seems generally to be working OK. Before the infection I had a SD card wizard that popped up when I stuck my camera SD card in and guided me through storing photos. This has disappeared since the infection and nothing at all happens when my card is inserted - I'm not sure if Mikeswim tried to reinstall but it still doesn't work (see previous posts). It would really help if you could tell me how to reactivate this as I use it daily.

Re: HJK log for Mikeswim07

Post by Elrond » August 2nd, 2008, 1:46 pm

I really do not know much about that. It could well be that the infection did damage the program. My suggestion would be to reinstall it if you have it.
If that does not work I would either contact the vendor of the card reader or one of the forums that specializes at helping with more general computer problems. This is what I tell those who need this sort of help.

I am not an expert at this type of problem. I would suggest that you go to one of the forums below that specialize in more general computer problems. They have people that know more about this sort of problem because it does not seem to be a malware problem.

Give a link to this thread for reference to the helper who helps you.

Good Hardware and Software Help Forums
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
TechSupportGuy here: http://forums.techguy.org/21-windows-nt-2000-xp/
VirtualDr here: http://discussions.virtualdr.com/forumdisplay.php?f=48
PCPitStop here: http://forums.pcpitstop.com/index.php?showforum=3
Computer Cops here: http://www.castlecops.com/ Registration on right edge close to top under login.

All may require you to register free before posting for help.

Please let me know when you have read this so that I can archive the topic.

Re: HJK log for Mikeswim07

Post by tmax » August 2nd, 2008, 4:43 pm

Thanks, I've worked through all the cleanup. I'm still left with a few things on my desktop like: java6u7, mbam setup, Malwarebytes Anti malware, ATF Cleaner & HijackThis and WindowsXP Recovery - shall I just delete them all or do they need uninstalling?

Re: HJK log for Mikeswim07

Post by Elrond » August 2nd, 2008, 9:37 pm

java6u7, mbam setup, HijackThis and WindowsXP Recovery can be deleted from the desktop.
Malwarebytes Anti malware and ATF Cleaner are useful programs to run every few weeks according to the instructions. One will check for any spyware and the other will remove a lot of debris that collects over time.

Re: HJK log for Mikeswim07

Post by tmax » August 4th, 2008, 11:21 am

Thanks so much for giving your time to help with this & to Mikeswim07. My computer is so much quicker now, I will definitely keep the ATF cleaner for regular use.

Keep up the good work guys & gals! (I would add a smilie but cannot work out how to use them - there really is no hope for me is there.....?)

Re: HJK log for Mikeswim07

Post by Elrond » August 7th, 2008, 3:01 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.