Gwen9911 Posted May 4, 2008 (edited)

My computer has been acting up for over 6 months! It began to run slow but now it is extremely slow and every time it boots up it immediately shuts back down. I am running it in buggin mode now so that I can try and find out what is wrong! Here are my logs!! Please help!!

After doing all the steps of the virus repair that best tech had outlined in an earlier post this is my log from HijackThis.

Edited May 5, 2008 by Gwen

Andro1d Posted May 8, 2008

Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Sorry for the delay!

Step 1
Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Step 2
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step 3
Let's run an F-Secure online scan for Viruses, Spyware and RootKits:
Go to http://support.f-secure.com/enu/home/ols.shtml
Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
Allow the ActiveX control to be installed on your computer, then click the Accept button.
Click Full System Scan and allow the components to download and the scan to complete.
If malware is found, check Submit samples to F-Secure, then select Automatic cleaning.
When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report).
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post.

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan.
When the cleaning option is presented, uncheck Submit samples to F-Secure.
Click Automatic cleaning.
When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report).
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post.

Notes:
This scan will only work with Internet Explorer.
You must have administrator rights to run this scan.
This scan can take several hours, so please be patient.

Gwen9911 Posted May 8, 2008

After removing files and running ATF Cleaner and F-Secure it showed no malware found.

Scanning Report
Thursday, May 08, 2008 13:04:03 - 14:03:24
Computer name: CLIENT-DA755664
Scanning type: Scan system for malware, rootkits
Target: C:\

Result: 0 malware found

Statistics
Scanned:
Files: 34405
System: 3843
Not scanned: 27
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 0
Submitted: 0

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-05-08
F-Secure AVP: 7.0.171, 2008-05-08
F-Secure Pegasus: 1.20.0, 2008-02-28
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

Andro1d Posted May 9, 2008

Hey,
Well I am not seeing anything malware related, how is everything running?

Gwen9911 Posted May 9, 2008

It is running a lot better than before! Thank you for all your help!

Andro1d Posted May 9, 2008

Nice job, your log looks clean! How is it running?

Please use the following suggestion to help prevent reinfection.
Also, you may delete any tools I had you download during the cleaning process.

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

Now we need to make a new System Restore Point for your PC, please do the following:
Click Start, Settings, Control Panel
Double-click the System icon
Click the Performance tab, File System, Troubleshooting tab
Check "Turn off System Restore" and click "Apply". Please give it a moment as it will delete the old System Restore points
Then uncheck "Turn off System Restore" which will create a new System Restore point
Click OK

I highly recommend downloading the following programs, to keep malware off your computer to begin with.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Malwarebytes' Anti-Malware - A very powerful tool which searches and kills malware that infects your system.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.
**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that likes to reside in the temp folders.

Antivirus Program - An Antivirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir. DO NOT install more than one Antivirus program. They will conflict, and provide less protection, not more.

Firewall - A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Online Armor, or Outpost.
**Tutorial on Firewalls can be found HERE**

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications.
It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally a little "How did I get infected in the first place?" (by Tony Klein)

Good luck and safe surfing

Samuel4u Posted May 15, 2008

I agree with the above post.

Besttechie Posted May 15, 2008

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.