HiJackthis log ... spyware/malware problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: HiJackthis log ... spyware/malware problems

Post by karatekid7412589 » May 25th, 2009, 7:48 am

another thing ... i don't like that erunt thing ... do i need to backup registry?? ... can i delete it
karatekid7412589
Active Member
 
Posts: 13
Joined: May 15th, 2009, 6:37 pm

Re: HiJackthis log ... spyware/malware problems

Post by Bv202 » May 28th, 2009, 10:59 am

I'm sorry for the delay.

Hi karatekid7412589

> i think computer is running fine .. except .. add or remove programs says i have internet explorer 7 downloaded and i can't access it nor can i delete it ....

Can you explain this a bit more? Can't you open Internet Explorer or can't you just access it from add/remove? If so, do you get any error messages?

You also seemed to install Internet Explorer 8. Did that solve anything?

> also you didn't answer my last comment

Yes, I'm very sorry about that. I noticed too late that I forgot to answer that.
Anyway, the long list of file names is normal :)
Don't worry about the account issue. I'm not sure what causes this, but I've noticed that before. Normally, you should not use Safe Mode except when Normal Mode gives trouble. The reason I let you go into these was to check if it would work (I suspected it could give problems).

> also my McAfee (it might just be their fault i'm not sure) it acts like it's not fully loaded ... like a picture on the internet .. it has 3 shapes in a box (red yellow and green) next to every button

Please try to re-install McAfee. You can find instructions for that here
Please let me know if that solved the problem :)

> another thing ... i don't like that erunt thing ... do i need to backup registry?? ... can i delete it

ERUNT is a tool which backs up your registry. You needed to do that because I gave you a registry fix.
I assume you don't like it because you didn't disable the option to auto-backup the registry. To stop the automatic backups, please do this:

FIX HIJACKTHIS ENTRIES
Open up HijackThis.
Click on "Do a system scan only".
Place a checkmark next to these lines (if still present).

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

Then close all windows except HijackThis and click Fix Checked.
Close HijackThis.

Now reboot the computer. It should not appear again. If it does, please tell me :)

Please also remove this folder:
C:\Documents and Settings\chris zurlo\My Documents\LimeWire

In your next reply, please post:
1) A new HijackThis log
2) Please answer my questions (about Internet Explorer and McAfee) :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: HiJackthis log ... spyware/malware problems

Post by karatekid7412589 » May 28th, 2009, 4:29 pm

internet explorer : i can't use it ...i don't want to because i use firefox, but still .. and on add or remove programs .. the delete button doesn't appear .. and i don't know what folder it's in on my computer ..i've tried searching and it doesn't show up .. it's like a phantom program

McAfee : this has been going on for a while ... i have reinstalled it prob about 5 times ... same thing every time ... not that big of deal .. it still works ... i just thought it was infected or something


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:36 PM, on 5/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" A4 Tech USB PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - http://a671.ac-images.myspacecdn.com/00 ... 1670_l.jpg
O24 - Desktop Component 1: (no name) - http://img.youtube.com/vi/0x284Bvfbgw/default.jpg

--
End of file - 7169 bytes
karatekid7412589
Active Member
 
Posts: 13
Joined: May 15th, 2009, 6:37 pm
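
The following is an added example, not part of the original posts: a small Python sketch of how a log in the format posted above can be grouped by section code and screened for entries HijackThis itself could not fully describe ("(no file)", a target printed as "?", "Unknown owner"). The sample lines are constructed in that format, the function names are hypothetical, and a flag is only a prompt for manual review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the format of the HijackThis log above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Aim6] ?
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# An entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Markers the log carries when an entry could not be fully described.
CHECKS = [
    ("missing file", re.compile(r"\(no file\)$")),
    ("unresolved target", re.compile(r"(?:\]|=) \?$")),
    ("unknown owner", re.compile(r" - Unknown owner - ")),
]

def parse_log(text):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def triage(text):
    """Return (code, details, reason) for entries that need a manual look."""
    findings = []
    for code, entries in parse_log(text).items():
        for details in entries:
            for reason, pattern in CHECKS:
                if pattern.search(details):
                    findings.append((code, details, reason))
    return findings

if __name__ == "__main__":
    for code, details, reason in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason:<17}  {details}")
```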

Re: HiJackthis log ... spyware/malware problems

Post by Bv202 » May 31st, 2009, 11:51 am

Hi karatekid7412589

> internet explorer : i can't use it ...i don't want to because i use firefox, but still .. and on add or remove programs .. the delete button doesn't appear .. and i don't know what folder it's in on my computer ..i've tried searching and it doesn't show up .. it's like a phantom program

There is no reason to delete Internet Explorer. A lot of software uses it and you won't be able to remove it. If you've installed SP3 after IE7 was installed, you won't be able to remove IE7. What exactly happens when you try to run it? Do you get an error? If so, which one?

Is it possible to take a screenshot of the McAfee problem? If you don't know how to create one, please tell me and I'll give instructions for it :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: HiJackthis log ... spyware/malware problems

Post by karatekid7412589 » June 1st, 2009, 9:16 pm

NO .. this is what i was trying to tell you in the last message .. i can't use IE7 .. i can't find the program on my computer .. can't open it because i don't know where it is, but i know it's there somewhere ... there is no error cuz i haven't tried to open it cuz i can't find it .... no i don't know how to do the screenshot thing
karatekid7412589
Active Member
 
Posts: 13
Joined: May 15th, 2009, 6:37 pm

Re: HiJackthis log ... spyware/malware problems

Post by Bv202 » June 4th, 2009, 12:39 pm

Hi karatekid7412589

I've asked other helpers about your current situation and I'm afraid I have bad news for you :(

Because you were infected with a backdoor, the best option for you is to reformat your system. As I've told you before, we can't know what a "hacker" did with your system. If you can't do the reformat yourself, because you don't have the disks for example, it's best to bring this system to a local computer repair store. If you have any questions about the reformat process, feel free to ask.

If you really don't want to reformat, you can try some technical support forums as we are not experienced here with these problems. Tell them your system was cleaned here at Malware Removal. Please remember that I cannot promise your problems can be solved because of the backdoor infection.

Here are some general tech support forums:
http://www.techsupportforum.com
http://www.whatthetech.com


A few tips to prevent this happening in the future:

Preventing Malware
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Make sure you enable Automatic Updates for your computer. You can set this in the control panel -> windows update.
An alternative way is to visit Microsoft often to get the latest updates for your computer:
http://www.update.microsoft.com


P2P Software
Peer to Peer (or P2P) software is the #1 source of malware infections. Even if the program itself is safe, the downloads you get with it can (and will) be infected. If you've used such software in the past, I recommend that you not use it anymore. If you're going to use it (again), please be very careful with your downloads.
Please read more about this here.



Here are some free programs I recommend that could help you improve your computer's security.

Malwarebytes' Anti-Malware
Download it from here. Click "Download" and you'll get redirected to download.com, where you can download the product. You can also buy this program, which gives you real-time protection against common malware. However, you can use the free program to scan and remove any infections found.

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm



Read some information here on how to prevent malware.

Is your pc running slow?
Read What to do if your Computer is running slowly


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware. We would very much appreciate it if you register on that forum and make your complaint.

Happy safe surfing!

Please reply once more to this thread so we know it can be closed. If you have any questions left, now is the time to ask! :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)
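
The following is an added example, not part of the original post: a Python sketch that audits a HOSTS file of the kind described in the MVPS paragraph above, separating names that are blocked (mapped to 127.0.0.1 or 0.0.0.0) from names mapped to some other address, which are redirects rather than blocks and should be reviewed. The sample file, its hostnames and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; hostnames and addresses are placeholders.
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1    localhost
127.0.0.1    ads.example.com  tracker.example.net   # two names on one line
0.0.0.0      banner.example.org
203.0.113.7  update.example.com
not-an-ip    broken.example.com
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an address
        for name in fields[1:]:
            yield ip, name.lower()

def classify(text):
    """Return (blocked, redirected): sinkholed names, and names sent elsewhere."""
    blocked, redirected = [], []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue                          # the standard loopback entry
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(name)              # connection attempts stay local
        else:
            redirected.append((name, str(ip)))  # resolves to another machine
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = classify(SAMPLE_HOSTS)
    print("blocked:", ", ".join(blocked))
    for name, ip in redirected:
        print(f"review: {name} -> {ip}")
```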

Re: HiJackthis log ... spyware/malware problems

Post by karatekid7412589 » June 5th, 2009, 4:57 pm

so we're done ... i don't have any Q's .. just am i in pretty good shape .. my computer won't crash at any random time will it ?
karatekid7412589
Active Member
 
Posts: 13
Joined: May 15th, 2009, 6:37 pm

Re: HiJackthis log ... spyware/malware problems

Post by Bv202 » June 7th, 2009, 8:20 am

Hi karatekid7412589

> my computer won't crash at any random time will it ?

Does it now? If you reformat, everything on your hard drive will be erased, so this may solve crashes. This doesn't mean your computer will never crash anymore of course, but if the crashes now are caused by software, it will be solved by a reformat.

Let me know if you have more questions :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: HiJackthis log ... spyware/malware problems

Post by karatekid7412589 » June 7th, 2009, 5:08 pm

No it hasn't crashed at a random time .. just wondering if it could .. and no i have no more Q's .. so you can close the topic
karatekid7412589
Active Member
 
Posts: 13
Joined: May 15th, 2009, 6:37 pm

Re: HiJackthis log ... spyware/malware problems

Post by silver » June 11th, 2009, 8:53 pm

This topic is now closed
We are pleased to have been of assistance in getting you clean.

If you have been helped and wish to donate toward the costs of this volunteer site, you can do so using this link
Donations For Malware Removal
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7