Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Is my computer clean?

Post by glennhubbard » December 29th, 2005, 1:40 pm

I was attacked by Nabload.U and, immediately afterwards, by TSPY_BANKER.BAO. A very pleasant experience! :cry:
Anyway, I've spent some hours scanning and cleaning with A-Squared, PC-Cillin and some Spanish trojan hunters (I live in Madrid).
I'm now pretty sure that I'm clean but would really appreciate it if someone could take a look at the log to tell me if I need to do anything else.
Many thanks.

Logfile of HijackThis v1.99.1
Scan saved at 18:37:37, on 29/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Glenn\PCCILL~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Glenn\PCCILL~1\TmPfw.exe
C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
C:\glenn\WINPAT~1\WinPatrol.exe
C:\Archivos de programa\NASDAK\OmniMouse Driver\2.1\MOUSE32A.EXE
C:\Archivos de programa\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Glenn\PC CILLIN 12\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Archivos de programa\Netropa\Onscreen Display\OSD.exe
C:\Archivos de programa\Netropa\InetKb\Inetkb.exe
C:\Archivos de programa\WLAN\USB_WLAN_Utility\Wlan.exe
C:\Glenn\Spywareguard\SpywareGuard\sgmain.exe
C:\Glenn\Spywareguard\SpywareGuard\sgbhp.exe
C:\Glenn\PCCILL~1\Tmntsrv.exe
C:\Glenn\PCCILL~1\tmproxy.exe
C:\Glenn\emule installer\eMule\emule.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Glenn\Maxthon\Maxthon.exe
C:\Glenn\hijackthis.exe\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Glenn\Spybot\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\Glenn\NETSNI~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Archivos de programa\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Omnipage] C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [WinPatrol] "c:\glenn\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Archivos de programa\NASDAK\OmniMouse Driver\2.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Archivos de programa\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Glenn\PC CILLIN 12\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Glenn\Spywareguard\SpywareGuard\sgmain.exe
O4 - Global Startup: USB Wireless Client Manager.lnk = C:\Archivos de programa\WLAN\USB_WLAN_Utility\Wlan.exe
O8 - Extra context menu item: Add to Net Snippets - C:\Glenn\NETSNI~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: Adición a la lista de impresión de Easy-WebPrint - res://C:\Archivos de programa\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Impresión a alta velocidad de Easy-WebPrint - res://C:\Archivos de programa\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Impresión de Easy-WebPrint - res://C:\Archivos de programa\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: SYSTRAN: &Borrar Caché de Traducción - C:\Archivos de programa\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Opciones - C:\Archivos de programa\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Registrar - C:\Archivos de programa\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: &Traducir - C:\Archivos de programa\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: Buscar &Actualizaciones - C:\Archivos de programa\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traducir Todos los &Marcos - C:\Archivos de programa\Systran\Premium\menuTranslateAll.html
O8 - Extra context menu item: Vista previa de Easy-WebPrint - res://C:\Archivos de programa\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Archivos de programa\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Archivos de programa\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Archivos de programa\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Archivos de programa\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Archivos de programa\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Archivos de programa\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Archivos de programa\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Archivos de programa\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Archivos de programa\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Archivos de programa\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\Glenn\NETSNI~1\NETSNI~1\NetSnip.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0077357499
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://www.toolbar.google.com/data/es/b ... gleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88C23F16-6322-48CB-A0EB-C5FE01CCAA4B}: NameServer = 62.14.64.145,62.14.2.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Archivos de programa\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\Glenn\PCCILL~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\Glenn\PCCILL~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Glenn\PCCILL~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Glenn\PCCILL~1\tmproxy.exe
glennhubbard
Active Member
 
Posts: 6
Joined: December 27th, 2005, 1:13 pm

Post by ChrisRLG » December 29th, 2005, 8:13 pm

You do look clean :) - so well done :)

You could do some tidying up.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Those lines could be fixed with HJT - you could then reset your home page to the site you would like with internet options in IE.

It looks like spywareguard may have been damaged, so it might be a good idea to reinstall that, although as you have spybot you could install the teatimer function instead and just remove spywareguard. You also have winpatrol and all three do similar jobs (and do work with each other), although having three giving warnings may be over protected.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK
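
An added example, not part of the original posts or of HijackThis itself: a small Python triage pass over lines copied from the log above. It flags blank R-section values like the four quoted in the reply, and goes slightly beyond the reply by flagging any item HijackThis marks "(no file)" or "(file missing)"; treating that marker as the sign of a damaged or leftover component is an assumption, and the function names are illustrative.

```python
import re

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Glenn\Spybot\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Archivos de programa\Netropa\Multimedia Keyboard\nhksrv.exe
"""

# An item line is a section code (letter + 1-2 digits), " - ", then the body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return (section, body) pairs for item lines; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def tidy_up_candidates(log_text):
    """Flag blank R-section values and items whose target file is reported absent."""
    findings = []
    for section, body in parse_entries(log_text):
        if section.startswith("R") and body.endswith("="):
            findings.append((section, "empty value", body))
        elif body.endswith(("(no file)", "(file missing)")):
            findings.append((section, "target file absent", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in tidy_up_candidates(SAMPLE_LOG):
        print(f"{section:<4}{reason:<20}{body}")
```

A flagged line is a candidate for review, not a verdict: the pass only reads the markers HijackThis wrote and says nothing about whether the remaining entries are benign.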

Post by glennhubbard » December 30th, 2005, 3:22 am

Many thanks! I'm pleased to hear that I managed to clear it up myself!
Is there a guide somewhere about how to set up the Spybot teatimer function? I think it is in 'Advanced Mode' but there is an awful lot there when you open it.
Re. that cleaning up ... are those 4 items Home Pages that I have had at some time? I don't understand it because, for as far back as I can remember, I've always used 'about:blank'.
glennhubbard
Active Member
 
Posts: 6
Joined: December 27th, 2005, 1:13 pm

Post by glennhubbard » December 30th, 2005, 5:14 am

I also was wondering if Spybot would need to go in my Startup menu - like Spywareguard - with the teatimer function enabled. Or is it like Spywareblaster?
(I don't have too many resources and the fewer progs I have running the better.)
Last edited by glennhubbard on December 30th, 2005, 11:48 am, edited 1 time in total.
glennhubbard
Active Member
 
Posts: 6
Joined: December 27th, 2005, 1:13 pm

Post by glennhubbard » December 30th, 2005, 11:41 am

Yet another post (apologies!). I've now got the teatimer in place together with Winpatrol. I haven't bothered with Spywareguard as, from what you have said, it would seem to be unnecessary if I've got the other two.
glennhubbard
Active Member
 
Posts: 6
Joined: December 27th, 2005, 1:13 pm

Post by ChrisRLG » December 30th, 2005, 12:43 pm

Well done :)

If you have any other problems please post back.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Post by NonSuch » January 1st, 2006, 11:37 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California