Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

hijack log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Piney » October 22nd, 2005, 5:25 pm

yes sir, did it just fine:)

Now, how about those questions?

1. When did you notice the slowing problem?
2. Do you clear out temp files on a regular basis?
3. Have you defragmented your computer lately?
4. I don't see a virus scanner installed on your machine. Would you like the address of some free ones?


How is the computer running now?

Edit: oops, didn't see your post after the hjt log.
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm
Advertisement
Register to Remove

Unread postby Piney » October 22nd, 2005, 6:27 pm

Yes, AVG is a virus scanner, but I don't see it installed. I see lots of scanners, including Anonymizer, TrojanHunter and PestPatrol.
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

Unread postby Piney » October 23rd, 2005, 2:13 am

Swanny2, I just don't see that much going on with your machine meaning any type of malware/worms etc.

There is one line we might as well fix with HJT.
Open HJT, scan and put a check/tick next to this line:
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
With nothing open except HJT, click on the Fix Checked button. Close HJT.

My next best guess is that you have a hardware problem. I can give you a couple of links to try.
http://pcpitstop.ibforums.com which specializes in hardware issues.
http://www.computertrouble.co.uk P3 knows this site, and can guide you there and help you get registered.

Let me give you my Good to Go! speech, since it appears you don't have malware on the computer.

Follow these simple steps in order to keep your computer clean and secure:
Make your Internet Explorer more secure -
This can be done by following these simple instructions:

*Open Internet Explorer and click on the Tools menu and then click on Internet Options.
*Click on Security
*Click the Internet icon
*Click on Custom Level
*Change the Download signed ActiveX controls to Prompt
*Change the Download unsigned ActiveX controls to Disable
*Change the Initialize and script ActiveX controls not marked as safe to Disable
*Change the Installation of desktop items to Prompt
*Change the Launching programs and files in an IFRAME to Prompt
*Change the Navigate sub-frames across different domains to Prompt
*Change the Allow paste operations via script to Disable
*Click on OK
*Save (if asked).
*Click on Apply button
*Click on OK
*Close Internet Options

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update all scanning programs regularly -

Without regular updates you WILL NOT be protected when new malicious programs are released.

I hope you can get your puter up and smiling again.
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

Unread postby Swanny2 » October 23rd, 2005, 3:59 am

cheers mate.
how do u mean Not much goin on!! do u mean its OK?coz i have spybot etc.
I will try the recomended bud an let u know how i get on later today . tx 4 ure time . :lol:



Swanny .
Swanny2
Regular Member
 
Posts: 48
Joined: October 21st, 2005, 5:49 pm
Location: uk cheshire

Unread postby Swanny2 » October 23rd, 2005, 4:08 am

ok mate done another scan an deleted that other .

Logfile of HijackThis v1.99.1
Scan saved at 09:10:07, on 23/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\MY DOCUMENTS\MY DOWNLOADS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/c ... /zt3_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37350.cab

cheers :lol:
Swanny2
Regular Member
 
Posts: 48
Joined: October 21st, 2005, 5:49 pm
Location: uk cheshire

Unread postby Swanny2 » October 23rd, 2005, 4:30 am

ok mate, i looked at the custom level and i had too change 2 things

Allow paste operations via script and.
Navigate sub--frame across different domains

i have checked these as u directed as they where set different too what u said.
No idea why! as ive never altered them b4..

thanks mate.



Swanny :lol:
Swanny2
Regular Member
 
Posts: 48
Joined: October 21st, 2005, 5:49 pm
Location: uk cheshire

Unread postby Piney » October 23rd, 2005, 4:32 pm

Hey, thanks for the new log :)
No, you didn't change those settings...we just increased your security by changing them the way I posted. Helps to keep you safer on the net.

We are buzzing about trying to think of what we can do to help you. Be back as soon as I can:)
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

Unread postby Piney » October 23rd, 2005, 4:41 pm

okey dokey You get to work and I get to hmm work, too 8)

One question for you, Swanny2
Do you have the disk that is used to reinstall Windows ME? This is just for my own information, I don't want you to do that (not yet, anyway)

Let's do an online scan: Trend Housecalls Virus Scan Let it fix/clean/delete all that is found. If something can't be found, then write down the name and where it is located as an example: xyz.exe location C:\Windows\System\

Good luck and I'll be waiting for your reply :)
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

Unread postby Swanny2 » October 24th, 2005, 4:58 am

cheers mate. no i dont have the Disc. only Disc i have is the Restore Disc . sorry.
tx for ure time mate Appreciated, me pc seems too be a little better now, tx.The Pages i open r still a bit slow opening ,but a bit faster than b4. :lol:
cheers .
Swanny .
Swanny2
Regular Member
 
Posts: 48
Joined: October 21st, 2005, 5:49 pm
Location: uk cheshire

Unread postby Piney » October 24th, 2005, 1:12 pm

Since it appears this is no longer a malware problem, we'll close this thread.

I wish you luck, Swanny2 :)
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

Unread postby Swanny2 » October 24th, 2005, 5:56 pm

thanks for ure help ,
ive just done a Adaware virus scan,took about a hour and, it says ..
A Virus was Found.!! 19 items Infected.
It gave me the option too Heal 4 of these items ,no idea what Items! never said.
So i clicked ok ,and 4 where Healed.. What do i do now.?
does this mean the Virus has gone ?
sorry ive no idea .

cheers Swanny :?
Swanny2
Regular Member
 
Posts: 48
Joined: October 21st, 2005, 5:49 pm
Location: uk cheshire

Unread postby Piney » October 24th, 2005, 6:14 pm

Swanny2, did you ever go to Trend and do the scan there?

Let's do an online scan: Trend Housecalls Virus Scan Let it fix/clean/delete all that is found. If something can't be found, then write down the name and where it is located as an example: xyz.exe location C:\Windows\System\


Trend Housecalls Virus Scan
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

Unread postby Swanny2 » October 24th, 2005, 6:34 pm

No mate .sorry never seen it. i used trojan hunter .. then that was okay after i did what u said. i then have removed it from me pc. all i have done is run adaware , an found a Virus...

cheers ..
Swanny. :lol:
Swanny2
Regular Member
 
Posts: 48
Joined: October 21st, 2005, 5:49 pm
Location: uk cheshire

Unread postby Piney » October 25th, 2005, 9:08 pm

This issue has been resolved, the virus was in _Restore. This thread can be archived.
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 485 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware