Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

am I clean yet?


Post by nabuceht » March 6th, 2009, 4:24 pm

HijackThis logs NEVER showed anything

ran Haxfix several times... log and fixing mode

ran SpyBot a few times... cleaned upon finding

ran AVG several times

ran LOP SD a couple times

ran Sophos anti-rootkit several times

Haxfix detected files that were unable to be manually found (even showing hidden files):


those were finally cleaned.

Spybot only found typical cookies and such.

Sophos anti-rootkit never found anything.

Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:25 PM, on 3/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\SurMixer.exe

O4 - HKLM\..\Run: [Surround Mixer] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\SurMixer.exe
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\AVG\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] d:\PROGRA~1\AVG\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] d:\PROGRA~1\AVG\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] d:\PROGRA~1\AVG\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] d:\PROGRA~1\AVG\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - d:\PROGRA~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - d:\PROGRA~1\AVG\avgemc.exe

End of file - 1719 bytes

MalwareBytes Malware Remover
Malwarebytes' Anti-Malware 1.34
Database version: 1825
Windows 5.1.2600 Service Pack 2

3/6/2009 2:01:04 PM
mbam-log-2009-03-06 (14-01-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 79704
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3200+ )
BIOS : Default System BIOS
USER : Steve ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.557 7.5.557 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:14 Go (Free:9 Go)
D:\ (Local Disk) - NTFS - Total:48 Go (Free:11 Go)
E:\ (Local Disk) - NTFS - Total:170 Go (Free:1 Go)
F:\ (Local Disk) - NTFS - Total:279 Go (Free:4 Go)
G:\ (Local Disk) - NTFS - Total:279 Go (Free:0 Go)
H:\ (Local Disk) - NTFS - Total:189 Go (Free:2 Go)
I:\ (Local Disk) - NTFS - Total:244 Go (Free:0 Go)
J:\ (Local Disk) - NTFS - Total:221 Go (Free:1 Go)
M:\ (CD or DVD)
O:\ (CD or DVD)
Z:\ (CD or DVD)

"C:\TRYING TO CLEAN SHIT\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Fri 03/06/2009|14:16 )

--------------------\\ Listing folders in APPLIC~1

[03/05/2009|02:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[03/06/2009|12:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> AVG7
[03/06/2009|12:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> FileBoss
[03/05/2009|02:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[03/05/2009|03:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[03/05/2009|02:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla

[01/16/2009|05:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[02/24/2009|07:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[01/26/2009|02:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[01/16/2009|12:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg7
[01/15/2009|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avg8
[01/15/2009|01:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
[02/28/2009|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LogiShrd
[02/28/2009|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[03/06/2009|01:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[01/16/2009|05:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[02/26/2009|06:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[01/12/2009|05:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Real
[02/28/2009|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SecTaskMan
[03/06/2009|01:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[02/19/2009|01:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP

[01/12/2009|02:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[01/15/2009|01:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AVG7
[01/15/2009|12:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[01/15/2009|12:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[02/19/2009|02:09] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Adobe
[01/26/2009|02:28] C:\DOCUME~1\Steve\APPLIC~1\<DIR> ATI
[01/12/2009|07:16] C:\DOCUME~1\Steve\APPLIC~1\<DIR> atitray
[03/06/2009|11:24] C:\DOCUME~1\Steve\APPLIC~1\<DIR> AVG7
[01/12/2009|02:57] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Creative
[02/18/2009|05:44] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Help
[01/12/2009|02:10] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Identities
[02/28/2009|09:09] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Logitech
[01/12/2009|03:46] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Macromedia
[03/06/2009|01:40] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Malwarebytes
[01/12/2009|07:13] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Media Player Classic
[02/26/2009|06:54] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Microsoft
[02/19/2009|03:46] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Mozilla
[01/12/2009|05:12] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Real
[01/12/2009|03:13] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Sun
[01/12/2009|03:43] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Talkback
[01/24/2009|11:54] C:\DOCUME~1\Steve\APPLIC~1\<DIR> teamspeak2
[01/12/2009|03:43] C:\DOCUME~1\Steve\APPLIC~1\<DIR> Thunderbird
[03/03/2009|12:30] C:\DOCUME~1\Steve\APPLIC~1\<DIR> uTorrent

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/06/2009 01:12 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/19/2009|02:09] C:\Program Files\<DIR> Adobe
[01/12/2009|02:46] C:\Program Files\<DIR> ALIRAID
[01/26/2009|02:26] C:\Program Files\<DIR> ATI Technologies
[02/28/2009|09:07] C:\Program Files\<DIR> Common Files
[01/12/2009|01:57] C:\Program Files\<DIR> ComPlus Applications
[01/12/2009|02:58] C:\Program Files\<DIR> Creative
[01/15/2009|01:00] C:\Program Files\<DIR> Grisoft
[03/06/2009|12:15] C:\Program Files\<DIR> InstallShield Installation Information
[01/12/2009|03:06] C:\Program Files\<DIR> Internet Explorer
[01/12/2009|03:14] C:\Program Files\<DIR> Java
[01/12/2009|05:11] C:\Program Files\<DIR> K-Lite Codec Pack
[02/28/2009|09:07] C:\Program Files\<DIR> Logitech
[01/12/2009|02:49] C:\Program Files\<DIR> Messenger
[01/12/2009|02:03] C:\Program Files\<DIR> microsoft frontpage
[01/12/2009|05:08] C:\Program Files\<DIR> Microsoft Office
[01/12/2009|05:10] C:\Program Files\<DIR> Microsoft.NET
[01/12/2009|01:58] C:\Program Files\<DIR> Movie Maker
[01/12/2009|01:55] C:\Program Files\<DIR> MSN
[01/12/2009|01:56] C:\Program Files\<DIR> MSN Gaming Zone
[01/12/2009|07:14] C:\Program Files\<DIR> MultiRes
[01/12/2009|01:58] C:\Program Files\<DIR> NetMeeting
[01/12/2009|01:56] C:\Program Files\<DIR> Online Services
[01/12/2009|01:58] C:\Program Files\<DIR> Outlook Express
[01/14/2009|09:20] C:\Program Files\<DIR> Outspark
[03/06/2009|01:09] C:\Program Files\<DIR> Panda Security
[03/06/2009|01:09] C:\Program Files\<DIR> Pando Networks
[02/24/2009|07:39] C:\Program Files\<DIR> QuickTime Alternative
[01/12/2009|03:17] C:\Program Files\<DIR> Radeon Omega Drivers
[01/12/2009|05:12] C:\Program Files\<DIR> Real Alternative
[03/06/2009|01:10] C:\Program Files\<DIR> Sophos
[01/12/2009|02:10] C:\Program Files\<DIR> Uninstall Information
[01/12/2009|03:00] C:\Program Files\<DIR> VIA
[02/12/2009|11:59] C:\Program Files\<DIR> Windows Media Player
[01/12/2009|01:56] C:\Program Files\<DIR> Windows NT
[01/12/2009|02:01] C:\Program Files\<DIR> WindowsUpdate
[01/12/2009|02:03] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/16/2009|05:27] C:\Program Files\Common Files\<DIR> Adobe
[01/16/2009|05:27] C:\Program Files\Common Files\<DIR> Adobe AIR
[01/12/2009|05:10] C:\Program Files\Common Files\<DIR> DESIGNER
[01/15/2009|08:24] C:\Program Files\Common Files\<DIR> DirectX
[02/19/2009|06:17] C:\Program Files\Common Files\<DIR> INCA Shared
[01/13/2009|04:42] C:\Program Files\Common Files\<DIR> InstallShield
[02/28/2009|09:08] C:\Program Files\Common Files\<DIR> Logishrd
[01/12/2009|05:22] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/12/2009|01:58] C:\Program Files\Common Files\<DIR> MSSoap
[01/12/2009|07:49] C:\Program Files\Common Files\<DIR> ODBC
[01/12/2009|01:58] C:\Program Files\Common Files\<DIR> Services
[01/12/2009|07:49] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/12/2009|04:34] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 17 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 14:17:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

No other infections found !

[F:3][D:0]-> C:\DOCUME~1\Steve\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\Steve\Cookies
[F:10][D:4]-> C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Fri 03/06/2009|10:34 - Option : [1]
2 - "C:\TRYING TO CLEAN SHIT\Lop SD\LopR_2.txt" - Fri 03/06/2009|14:17 - Option : [1]

--------------------\\ Scan completed at 14:17:53

HAXFIX logfile - by Marckie

version 5.066
Fri 03/06/2009 14:12:27.01
running from C:\HaxFix

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
matching notify keys found

checking for matching services
no matching services found

checking for matching safeboot services
no matching safeboot services found

--- Checking for Goldun - Spybanker ---

checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking for random used files and services
-- these files are not necessarily malicious
-- scanning all folders
C:\Program Files\ATI Technologies\ATI.ACE\HydraVision-Full\CLI.Caste.HydraVision.Shared.dll
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServMsg.dll
C:\Program Files\Microsoft Office\Office12\1033\PROTTPLN.XLS
C:\Program Files\Microsoft Office\Office12\1033\PROTTPLV.XLS
C:\Program Files\Microsoft Office\Office12\1033\QuickStyles\Traditional.dotx
C:\Program Files\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTime3GPPLocalized.qtr
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\eula.1044.txt
no matching random used services found

checking for browser helper objects
no known browser helper objects found

checking for appinit files
no files found

checking for possible infected files
please submit these file here: http://www.bleepingcomputer.com/submit- ... channel=11
no files found

checking for Active Setup Installed Components
no known Active Setup Installed Components found

checking iexplore.exe
iexplore.exe is not infected

--- Checking for other Goldun, Spybanker and Haxdoor files ---
no other Haxdoor or Goldun files found

--- Catchme logfile - thank you Gmer ---

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 14:14:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

--- Analysing Catchme logfile ---

no matching regkeys found




If I need to run anything else, just say so :PP

Re: am I clean yet?

Post by NonSuch » April 7th, 2009, 12:57 am

We are sorry you have waited so long for a response. As you can see, we are quite busy as are all the other help forums. Also, it is possible that you received no response because there was no malware evident in your HijackThis log.

If you still require help, please start a new topic and post a fresh HijackThis log, along with a complete description of all symptoms you are currently experiencing that make you feel your system is infected with malware. Also, in the same post, please include an Uninstall List.

To create an Uninstall List, open HijackThis and, from the Main Menu > click on the "Open the Misc Tools section" button > click "Open Uninstall Manager" > click "Save List." Save the list to your Desktop or any convenient location. Next, copy the contents of the Uninstall List and paste it into the same post as your HijackThis log.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here, and be sure to include your Uninstall List: >Guideline for posting your HijackThis log<