Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

pleaseeee help... W32.Sinnaka.A@mm

Post by maxthomas » November 13th, 2005, 2:47 pm

computer is working better sinnaka seems to be gone!!
mmm... and device manager and windows configuration manager is working now too.. yey

i could not find the istbar/istsvc
also could not find nvctrl.exe
mssearchnet.exe
scsotgsm.exe
hwclock.exe
svchost.exe
istsvc

that's all I couldn't do!?

i have programmes like windows anti spyware etc starting up on taskbar when i start computer how do i stop these starting up, i only want them to appear when i click the shortcut??

Cheers
Max

Many thanks for your help..
maxthomas
Regular Member
 
Posts: 16
Joined: November 7th, 2005, 3:40 pm

Post by Piney » November 13th, 2005, 6:11 pm

wheeeeeee looks like you did a great job, Max!!

But now you need to make a decision. You have evidently installed Trends Security (Antivirus and Firewall).
You still have AVG installed and running. I strongly suggest you uninstall AVG.
Having two antivirus running is opening the door to neither program doing much good. The same for two firewalls.

Go to your Control Panel>>>Add/Remove Programs and uninstall AVG.
When finished, reboot normally.

You can stop the MS antispyware from running on startup. Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Click on Start>>>>Run and type in the box: Services.msc and click OK
Click on the Extended tab
Scroll down until you find hwclock or could be listed as Hardware Clock Driver
Right click on file, and choose Properties
Select the General tab
Click Stop under Service status
From the dropdown menu under the heading Startup Type, choose Disable
Click Apply and click OK and close the Services page.

Open HJT
1. Click "Config..."
2. Click "Misc Tools"
3. Click "Delete a NT Service"

In the Delete window, enter hwclock and press OK. OK any prompts, then close HijackThis.

Press on the Windows key and the E key on your keyboard.
Open Windows Explorer, scroll to Windows\System32 search for and delete: hwclock.exe if found.
Close Windows Explorer.

Open HijackThis and scan. Put a check by these:

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba2218.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)


Close ALL windows and browsers except HijackThis and click "Fix checked"
Close HJT when finished.

Empty the Recycle Bin.

Reboot normally. Scan with HJT and paste a new log to this thread.
Describe how the computer works now.

Once we are very sure you are clean, you can remove those programs I had you download.
Ewido is a trial version, and will run out in 2 weeks.
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm
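
The O16 and O23 entries picked out in the post above have traits that can be screened for mechanically. As an added example (not part of the original thread, and not how HijackThis or the helper works), this Python script parses entry lines copied from the logs quoted in this thread and lists those worth a second look; the rules and function names are assumptions of the example.

```python
import re
from urllib.parse import urlparse

# Entry lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba2218.exe
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O23 - Service: ..."
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse(log):
    """Yield (section_code, body) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def reasons(code, body):
    """Return the review reasons (possibly none) for one entry.
    These rules are assumptions made for this example."""
    out = []
    if code == "O16":                      # ActiveX download source
        url = urlparse(body.rsplit(" - ", 1)[-1])
        if IPV4.match(url.hostname or ""):
            out.append("codebase host is a bare IP address")
        if url.path.lower().endswith(".exe"):
            out.append("codebase is an .exe rather than a .cab")
    elif code == "O23":                    # NT service
        if body.endswith("(file missing)"):
            out.append("service binary is missing")
        if " - Unknown owner - " in body:
            out.append("no owner reported for the binary")
    return out

def triage(log):
    """Map each entry body that has at least one reason to its reasons."""
    return {body: r for code, body in parse(log) if (r := reasons(code, body))}

if __name__ == "__main__":
    for body, why in triage(SAMPLE_LOG).items():
        print(body, "->", "; ".join(why))
```

The ATI Smart service is listed on "Unknown owner" alone even though it was not among the entries selected for fixing, so the output is a review list and not a removal list.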

Post by maxthomas » November 14th, 2005, 3:05 am

Logfile of HijackThis v1.99.1
Scan saved at 07:04:15, on 14/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Max\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\RunServices: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/mi ... Loader.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/defaul ... online.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co.uk/downloads/BUM/BU ... ofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe





Hope this is clean now?

Thank you very much for your help!!!!!!!

Is there a donation page on the site?

Max
maxthomas
Regular Member
 
Posts: 16
Joined: November 7th, 2005, 3:40 pm

Post by Piney » November 14th, 2005, 2:07 pm

Welcome back Max,
I take it the computer is running much better now?

Just a bit of housekeeping to do, then off you go:)

First of all, we need to re-hide those files and folders.
Go to your Control Panel, double-click on Folder Options.
Click on the View tab, scroll down to Hidden Files and Folders

Uncheck Show hidden files and folders
Check Hide extensions for known file types
Check Hide protected operating system files (Recommended)
Click Apply and click OK

To make your internet surfing less hazardous, follow these simple steps to keep your computer clean and secure:

Make your Internet Explorer more secure -
*Open Internet Explorer and click on the Tools menu and then click on Internet Options.
*Click on Security
*Click the Internet icon
*Click on Custom Level
*Change the Download signed ActiveX controls to Prompt
*Change the Download unsigned ActiveX controls to Disable
*Change the Initialize and script ActiveX controls not marked as safe to Disable
*Change the Installation of desktop items to Prompt
*Change the Launching programs and files in an IFRAME to Prompt
*Change the Navigate sub-frames across different domains to Prompt
*Change the Allow paste operations via script to Disable
*Click on OK
*Save (if asked).
*Click on Apply button
*Click on OK
*Close Internet Options

Visit Microsoft's Windows Update Site Frequently
- It is important that you visit http://www.windowsupdate.com regularly.
This will ensure your computer always has the latest security updates installed.
If there are new updates to install, install them immediately.
Reboot your computer, and revisit the site until there are no more critical updates.

****
You are just a bit behind on the update for Internet Explorer.
You will want to get that done in order to close the holes in IE that the bad guys use.

A couple of nifty and free scanning programs are Adaware SE and Spybot Search & Destroy.

Download and setup Adaware SE from this tutorial:
Using Ad-aware to remove Spyware, Malware & Hijackers from Your Computer

Download Spybot S&D 1.4 here:
http://safer-networking.org/en/news/2005-05-31.html
or
http://www.majorgeeks.com/download2471.html


Install by double-clicking on the downloaded file.
Run Spybot S&D from desktop icon or Start menu.
Press "Search for updates" button to get list of updates available.
Press "Download updates" button.
When you are ready to use Spybot to scan your computer,
Open Spybot S&D and click on Check for Problems. The program will scan your computer.
When the scan is complete, have SpyBot remove all it marks in RED by pressing "Fix selected problems".
Close Spybot S&D, reboot normally to finish deleting those items.

I scan with these two programs weekly, just to be safe :)

Remember to update all of your programs regularly. There are always updates to definitions being created.
You can not be sure you are safe, unless you have updated protection.

You can remove the smitRem application as you are clear and no longer need it.

Max, you have been great to work with! Yes, there is a donation link for Malware Removal:
http://www.malwareremoval.com/donations.html
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

Post by NonSuch » November 30th, 2005, 7:27 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California