Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I know you have a lot to do

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I know you have a lot to do

Unread postby Darling11us » April 20th, 2009, 8:37 pm

but it would be nice if you could help me.
Here is my post from the 15th:
After doing a good job in fixing and deleting things ( so I thought ) - I recognized, that I did not too good. My Computer is still slow working. I think I have caught some malware or virus or trojans. ( Sorry not "I have" - my Computer has caught it). Althought I have many security tools installed. ( So I do think).
Please help me to fix the computer, so it will work good and fast again.
I have to tell you, that I am a german woman, living in China and using a chinese XP Prof Pack 3.
I am not fit in reading chinese letters, so be patient with me if I ask you real simple questions.

I read some days befor, what will be needed.
I have hijacked the computer and made an "uninstall list"
Please help me.
Here are the lists:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:00, on 2009-4-19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Administrator\桌面\Alles zum schnellen absichern\freemem.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\TraXEx\TraXEx.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\Documents and Settings\Administrator\桌面\Alles zum schnellen absichern\freemem.exe" Startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: TraXEx 3.2.lnk = C:\Program Files\TraXEx\TraXEx.exe
O4 - Global Startup: SymmTime.lnk = ?ProgramFiles%\Symmetricom\SymmTime\SymmTime.exe
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: IE-Spuren l鰏chen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files\TraXEx\Integration\TraXEx Internet Explorer.lnk
O9 - Extra button: L鰏chautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files\TraXEx\Integration\TraXEx L鰏chautomat.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9bba112845b04) (gupdate1c9bba112845b04) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5413 bytes

Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 - Deutsch
Adobe Shockwave Player 11.5
Any Video Converter 2.7.1
a-squared Free 4.0
Avira AntiVir Personal - Free Antivirus
CCleaner (remove only)
Double Driver
EVEREST Home Edition v2.20
ffdshow [rev 2527] [2008-12-19]
Glary Registry Repair 3.0
Google Update Helper
Google 地球
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
HP Software Update
Intel(R) Graphics Media Accelerator Driver
JAP
Java(TM) 6 Update 13
Maxthon Browser (remove only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CHS
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CHS
Microsoft .NET Framework 3.5 Language Pack SP1 - chs
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 语言包 - 简体中文
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.8)
Nero 6 Ultra Edition
No23 Recorder
Real2Asf Client AllInOne
RealPlayer
Secunia PSI
SopCast 3.0.3
SymmTime
Total Commander (Remove or Repair)
TraXEx 3.2
TVUPlayer 2.4.1.0
VLC media player 0.9.8a
Windows Media Format Runtime
Windows Media Player (KB952069) 安全更新
Windows Media Player 10
Windows Media Player 10 (KB936782) 安全更新
Windows XP (KB923689) 安全更新
Windows XP 安全更新 (KB938464-v2)
Windows XP 安全更新 (KB950760)
Windows XP 安全更新 (KB950762)
Windows XP 安全更新 (KB950974)
Windows XP 安全更新 (KB951066)
Windows XP 安全更新 (KB951376-v2)
Windows XP 安全更新 (KB951698)
Windows XP 安全更新 (KB951748)
Windows XP 安全更新 (KB952954)
Windows XP 安全更新 (KB954459)
Windows XP 安全更新 (KB954600)
Windows XP 安全更新 (KB955069)
Windows XP 安全更新 (KB956802)
Windows XP 安全更新 (KB956803)
Windows XP 安全更新 (KB956841)
Windows XP 安全更新 (KB957097)
Windows XP 安全更新 (KB958215)
Windows XP 安全更新 (KB958644)
Windows XP 安全更新 (KB958687)
Windows XP 安全更新 (KB958690)
Windows XP 安全更新 (KB960225)
Windows XP 安全更新 (KB960714)
Windows XP 安全更新 (KB960715)
Windows XP 更新 (KB951978)
Windows XP 更新 (KB955839)
Windows XP 更新 (KB967715)
Windows XP 修补程序 (KB952287)
WinRAR 压缩文件管理器
XML Paper Specification Shared Components Language Pack 1.0
XP Codec Pack
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
暴风影音 ( That is Storm Video )
黄鹤影院高清点播软件_1.0.5.5859 This is software to see movies
搜狗拼音输入法 3.3 writing-prog for Pinyin letters
鑫网通达信行情 Banc-Stock-Program

I hope, that this files will help you to fix my problems
Vera
Darling11us
Active Member
 
Posts: 5
Joined: April 18th, 2009, 10:01 pm
Advertisement
Register to Remove

Re: I know you have a lot to do

Unread postby Dakeyras » April 22nd, 2009, 7:52 am

Replied :)
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware