Hijack log HELP


  • This topic is locked
12 replies to this topic

#1 indian

Posted 05 January 2006 - 09:09 PM

Hi from Canada, my computer is loaded with spyware. Could an expert please help me clean my computer?
Thank you very much. Below is my hijack log. Blondy girl recommended me to this forum. :wavey:


Logfile of HijackThis v1.99.1
Scan saved at 7:48:57 PM, on 05/01/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\DMI\BIN\WIN32SL.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\DMI\BIN\DELLDMI.EXE
C:\DMI\BIN\MONITOR.EXE
C:\DMI\BIN\NIC.EXE
C:\DMI\BIN\COO.EXE
C:\DMI\BIN\DNAR.EXE
C:\DMI\BIN\NODEMNGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WEBROOT\SHREDDER\SPSHREDDER.EXE
C:\PROGRAM FILES\WEBROOT\POPUPWASHER\POPUPWASHER.EXE
C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dell.com/search/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\WINDOWS\POPUPW~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec Core LC] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [3Com DMI Agent] C:\WINDOWS\SYSTEM\3com_dmi\3CDMINIC.EXE
O4 - HKLM\..\RunServices: [DMILDR] C:\DMI\bin\dmildr.exe
O4 - HKLM\..\RunServices: [Win32SL] C:\DMI\BIN\Win32sl.EXE -i -p -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Spam Shredder] C:\Program Files\Webroot\Shredder\spshredder.exe -tray
O4 - HKCU\..\Run: [PopUpWasher] C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Dell Home - {9210B580-05E1-11DA-8A8D-00B0D0604B78} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab

Edited by indian, 05 January 2006 - 09:21 PM.

#2 Siggyx

Posted 09 January 2006 - 08:39 PM

Step # 1

Please download and run CWShredder. Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

http://www.majorgeek...7fd6b3ff02edc90

REBOOT

Step #2

Please download and run Spybot 1.4 & AdAware SE. Then follow the instructions in the link below to run.

Spybot & Adaware Tutorial

REBOOT

Step # 3

Then do a virus scan here >>> Trend Micro

Step # 4

Please download Asquared from the link below.

http://www.emsisoft....tware/download/

Save it to your desktop. Next open and check for updates.

Boot to safe mode (tap F8 while BIOS loads)

Then scan your system (this will take some time). After the scan is complete, allow it to fix what it has found. If there is something that it cannot clean, please let me know what it was.

Then reboot and post a new hijackthis log.

#3 indian

Posted 11 January 2006 - 12:07 AM

:wavey: Hi Siggyx and thanks for your quick response...
Thank you for your time and patience
Okay I scanned with the Trend Micro...it removed some of the greyware and malware but said it couldn't remove the following:
Housecall Virus Report
adw_ndotnet.n
adw_maxifiles.f
adw_maxifiles.c
Could not be deleted :unsure:
******************************
Tonight I scanned with A-squared Report when I clicked for it to remove it caused a fault in my computer and the screen went blue...luckily *yah* I saved a report before cleaning...

Also certain times before and after coming to this forum my computer will not shut off/restart. :rant:

This is the report
c:/_restore/temp/a-1030047370.cpy
Adware.win32.mywebsearch.o

c:/_restore/temp/a-1030047369.cpy
Adware.mysearch.g

c:/_restore/temp/a-1030047362.cpy
Adware.win32.mywebsearch.ae

c:/program files/common files/download/mc-110-12-0000133.exe
Trojan-dropper.win32.agent.aac

c:/program files Mozilla Firefox/plugins/npmysrch.dll
Adware.win32.mysearch.o

I ran another HiJack Log for you :)

Logfile of HijackThis v1.99.1
Scan saved at 10:57:44 PM, on 10/01/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\DMI\BIN\WIN32SL.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\DMI\BIN\DELLDMI.EXE
C:\DMI\BIN\MONITOR.EXE
C:\DMI\BIN\NIC.EXE
C:\DMI\BIN\COO.EXE
C:\DMI\BIN\DNAR.EXE
C:\DMI\BIN\NODEMNGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WEBROOT\SHREDDER\SPSHREDDER.EXE
C:\PROGRAM FILES\WEBROOT\POPUPWASHER\POPUPWASHER.EXE
C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dell.com/search/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\WINDOWS\POPUPW~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec Core LC] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [3Com DMI Agent] C:\WINDOWS\SYSTEM\3com_dmi\3CDMINIC.EXE
O4 - HKLM\..\RunServices: [DMILDR] C:\DMI\bin\dmildr.exe
O4 - HKLM\..\RunServices: [Win32SL] C:\DMI\BIN\Win32sl.EXE -i -p -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Spam Shredder] C:\Program Files\Webroot\Shredder\spshredder.exe -tray
O4 - HKCU\..\Run: [PopUpWasher] C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Dell Home - {9210B580-05E1-11DA-8A8D-00B0D0604B78} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab

Edited by indian, 11 January 2006 - 12:19 AM.


#4 Siggyx

Posted 11 January 2006 - 07:28 PM

Please do an online scan with Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#5 indian

Posted 11 January 2006 - 10:13 PM

:wavey: Hi Siggyx well thank-you for your time with me. I really appreciate. Here is the anti virus log you asked for. And thanks for your continued help and patience with me. :D

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, January 11, 2006 21:08:11
Operating System: Microsoft Windows Millennium Edition
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/01/2006
Kaspersky Anti-Virus database records: 170632
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
a:\
c:\
d:\

Scan Statistics:
Total number of scanned objects: 19817
Number of viruses found: 10
Number of infected objects: 42
Number of suspicious objects: 2
Duration of the scan process: 2590 sec

Infected Object Name - Virus Name
c:\_RESTORE\ARCHIVE\FS72.CAB/A-1030056402.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\_RESTORE\ARCHIVE\FS72.CAB/A-1030056397.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\_RESTORE\ARCHIVE\FS72.CAB/A-1030056392.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet
c:\_RESTORE\ARCHIVE\FS72.CAB/A-1030056387.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\_RESTORE\ARCHIVE\FS72.CAB Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\_RESTORE\ARCHIVE\FS71.CAB/A-1030057415.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet
c:\_RESTORE\ARCHIVE\FS71.CAB/A-1030057414.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.o
c:\_RESTORE\ARCHIVE\FS71.CAB Infected: not-a-virus:AdWare.Win32.Maxifiles.o
c:\_RESTORE\ARCHIVE\FS66.CAB/A-1030060464.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\_RESTORE\ARCHIVE\FS66.CAB/A-1030060461.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\_RESTORE\ARCHIVE\FS66.CAB/A-1030060460.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\_RESTORE\ARCHIVE\FS66.CAB/A-1030060458.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\_RESTORE\ARCHIVE\FS66.CAB/A-1030060457.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\_RESTORE\ARCHIVE\FS66.CAB Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047370.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.i
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047369.CPY Infected: not-a-virus:AdWare.Win32.MySearch.g
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047368.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.l
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047362.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047321.CPY/EXE-file/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047321.CPY/EXE-file Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047321.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae
c:\_RESTORE\ARCHIVE\FS101.CAB Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip/SOPROC.EXE Suspicious: Password-protected-EXE
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip Suspicious: Password-protected-EXE
c:\WINDOWS\.housecall\Quarantine\freeprodtb.exe.bac_a91083 Infected: not-a-virus:AdWare.Win32.Maxifiles.o
c:\WINDOWS\.housecall\Quarantine\A-1030060457.CPY.bac_a91083 Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\A-1030060460.CPY.bac_a91083 Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS66.CAB.bac_a67277/A-1030060464.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS66.CAB.bac_a67277/A-1030060461.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS66.CAB.bac_a67277/A-1030060460.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS66.CAB.bac_a67277/A-1030060458.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS66.CAB.bac_a67277/A-1030060457.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS66.CAB.bac_a67277 Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS71.CAB.bac_a67277/A-1030057415.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet
c:\WINDOWS\.housecall\Quarantine\FS71.CAB.bac_a67277/A-1030057414.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.o
c:\WINDOWS\.housecall\Quarantine\FS71.CAB.bac_a67277 Infected: not-a-virus:AdWare.Win32.Maxifiles.o
c:\WINDOWS\.housecall\Quarantine\FS72.CAB.bac_a67277/A-1030056402.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\WINDOWS\.housecall\Quarantine\FS72.CAB.bac_a67277/A-1030056397.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\WINDOWS\.housecall\Quarantine\FS72.CAB.bac_a67277/A-1030056392.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet
c:\WINDOWS\.housecall\Quarantine\FS72.CAB.bac_a67277/A-1030056387.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\WINDOWS\.housecall\Quarantine\FS72.CAB.bac_a67277 Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\Program Files\Common Files\Download\mc-110-12-0000133.exe Infected: Trojan.Win32.Autoit.h
c:\Program Files\Norton AntiVirus\Quarantine\2F06513F.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i

Scan process completed.

:weee:

#6 Siggyx

Posted 11 January 2006 - 10:24 PM

Download TheKillbox from here http://www.downloads...org/KillBox.zip Save to your Desktop and double click it to open it up. In the 'Enter Full Path and Filename to Delete' box, copy and paste these entries one by one, clicking 'Find and Kill This File' after each one:

c:\Program Files\Common Files\Download\mc-110-12-0000133.exe

c:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll

Download ccleaner from the link below, save it to your desktop. Open ccleaner and click on run ccleaner at the bottom right.

http://www.majorgeek...wnload4191.html

Next download Regseeker from the link below. Save it to your desktop. Open Regseeker and click on clean registry, next click ok. Once the scan is complete make sure the make backups is checked and then select all and delete it.

http://www.majorgeek...wnload2579.html

Reboot and post a new hijackthis log and Kaspersky log please.
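
Added example, not part of the thread and not any scanner's own code: a Python sketch that sorts Kaspersky On-line Scanner report lines by where the detected file sits on disk. The function names, bucket names and path markers are assumptions made for this example; on the sample lines, copied from the report in post #5, the only infected files outside System Restore archives and tool quarantine or backup folders are the two paths given to KillBox above.

```python
import re
from collections import defaultdict

# Lines copied from the Kaspersky report in post #5 (a subset covering each
# kind of location), plus the report's column header to show it is skipped.
SAMPLE_REPORT = r"""
Infected Object Name - Virus Name
c:\_RESTORE\ARCHIVE\FS72.CAB/A-1030056402.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047321.CPY/EXE-file/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip/SOPROC.EXE Suspicious: Password-protected-EXE
c:\WINDOWS\.housecall\Quarantine\freeprodtb.exe.bac_a91083 Infected: not-a-virus:AdWare.Win32.Maxifiles.o
c:\Program Files\Common Files\Download\mc-110-12-0000133.exe Infected: Trojan.Win32.Autoit.h
c:\Program Files\Norton AntiVirus\Quarantine\2F06513F.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i
"""

# One result per line: "<object path> Infected|Suspicious: <detection name>".
# Object paths contain spaces, so the path is matched lazily up to the status.
LINE_RE = re.compile(
    r"^(?P<obj>[A-Za-z]:\\.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<name>\S+)\s*$"
)

# Assumed path markers (lower-case substrings), taken from folders seen in the
# thread's reports: System Restore archives and scanner/tool holding folders.
RESTORE_MARKERS = ("\\_restore\\",)
HOLDING_MARKERS = (
    "\\quarantine\\",
    "\\!killbox\\",
    "\\spybot - search & destroy\\recovery\\",
)


def classify(disk_file):
    """Return the bucket for a file path: system_restore, tool_holding or live."""
    path = disk_file.lower()
    if any(marker in path for marker in RESTORE_MARKERS):
        return "system_restore"
    if any(marker in path for marker in HOLDING_MARKERS):
        return "tool_holding"
    return "live"


def triage(report_text):
    """Group detections as bucket -> file on disk -> {(status, detection name)}."""
    buckets = defaultdict(lambda: defaultdict(set))
    for line in report_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # header, statistics or blank line
        # The scanner writes archive members as "<archive>/<member>/..."; the
        # file that actually exists on disk is the part before the first "/".
        disk_file = match.group("obj").split("/", 1)[0]
        buckets[classify(disk_file)][disk_file].add(
            (match.group("status"), match.group("name"))
        )
    return buckets


def live_targets(report_text):
    """Sorted on-disk files flagged Infected that sit outside restore/holding folders."""
    live = triage(report_text).get("live", {})
    return sorted(
        path for path, hits in live.items()
        if any(status == "Infected" for status, _ in hits)
    )


if __name__ == "__main__":
    for bucket, files in triage(SAMPLE_REPORT).items():
        print(bucket)
        for path, hits in sorted(files.items()):
            names = ", ".join(sorted(name for _, name in hits))
            print("   ", path, "->", names)
    print("live:", live_targets(SAMPLE_REPORT))
```

The parser expects one result per line, as in the report layout of post #7.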

#7 indian

Posted 12 January 2006 - 06:41 PM

:wavey: Hi Siggyx, I ran the programs that you told me to and here are the logs you requested. Again thank you for your patience with me and my computer. :D



Logfile of HijackThis v1.99.1
Scan saved at 5:35:47 PM, on 12/01/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\DMI\BIN\WIN32SL.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\DMI\BIN\DELLDMI.EXE
C:\DMI\BIN\MONITOR.EXE
C:\DMI\BIN\NIC.EXE
C:\DMI\BIN\COO.EXE
C:\DMI\BIN\DNAR.EXE
C:\DMI\BIN\NODEMNGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WEBROOT\SHREDDER\SPSHREDDER.EXE
C:\PROGRAM FILES\WEBROOT\POPUPWASHER\POPUPWASHER.EXE
C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dell.com/search/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\WINDOWS\POPUPW~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec Core LC] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [3Com DMI Agent] C:\WINDOWS\SYSTEM\3com_dmi\3CDMINIC.EXE
O4 - HKLM\..\RunServices: [DMILDR] C:\DMI\bin\dmildr.exe
O4 - HKLM\..\RunServices: [Win32SL] C:\DMI\BIN\Win32sl.EXE -i -p -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Spam Shredder] C:\Program Files\Webroot\Shredder\spshredder.exe -tray
O4 - HKCU\..\Run: [PopUpWasher] C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Dell Home - {9210B580-05E1-11DA-8A8D-00B0D0604B78} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab



This is the kaspersky log.



-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, January 12, 2006 00:40:47
Operating System: Microsoft Windows Millennium Edition
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/01/2006
Kaspersky Anti-Virus database records: 170652
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
a:\
c:\
d:\

Scan Statistics:
Total number of scanned objects: 19349
Number of viruses found: 10
Number of infected objects: 45
Number of suspicious objects: 2
Duration of the scan process: 2550 sec

Infected Object Name - Virus Name
c:\_RESTORE\ARCHIVE\FS72.CAB/A-1030056402.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\_RESTORE\ARCHIVE\FS72.CAB/A-1030056397.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\_RESTORE\ARCHIVE\FS72.CAB/A-1030056392.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet
c:\_RESTORE\ARCHIVE\FS72.CAB/A-1030056387.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\_RESTORE\ARCHIVE\FS72.CAB Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\_RESTORE\ARCHIVE\FS71.CAB/A-1030057415.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet
c:\_RESTORE\ARCHIVE\FS71.CAB/A-1030057414.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.o
c:\_RESTORE\ARCHIVE\FS71.CAB Infected: not-a-virus:AdWare.Win32.Maxifiles.o
c:\_RESTORE\ARCHIVE\FS66.CAB/A-1030060464.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\_RESTORE\ARCHIVE\FS66.CAB/A-1030060461.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\_RESTORE\ARCHIVE\FS66.CAB/A-1030060460.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\_RESTORE\ARCHIVE\FS66.CAB/A-1030060458.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\_RESTORE\ARCHIVE\FS66.CAB/A-1030060457.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\_RESTORE\ARCHIVE\FS66.CAB Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047370.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.i
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047369.CPY Infected: not-a-virus:AdWare.Win32.MySearch.g
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047368.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.l
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047362.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047321.CPY/EXE-file/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047321.CPY/EXE-file Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae
c:\_RESTORE\ARCHIVE\FS101.CAB/A-1030047321.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae
c:\_RESTORE\ARCHIVE\FS101.CAB Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae
c:\_RESTORE\ARCHIVE\FS114.CAB/A-1030038307.CPY Infected: Trojan.Win32.Autoit.h
c:\_RESTORE\ARCHIVE\FS114.CAB/A-1030038305.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.i
c:\_RESTORE\ARCHIVE\FS114.CAB Infected: not-a-virus:AdWare.Win32.MyWebSearch.i
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip/SOPROC.EXE Suspicious: Password-protected-EXE
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip Suspicious: Password-protected-EXE
c:\WINDOWS\.housecall\Quarantine\freeprodtb.exe.bac_a91083 Infected: not-a-virus:AdWare.Win32.Maxifiles.o
c:\WINDOWS\.housecall\Quarantine\A-1030060457.CPY.bac_a91083 Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\A-1030060460.CPY.bac_a91083 Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS66.CAB.bac_a67277/A-1030060464.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS66.CAB.bac_a67277/A-1030060461.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS66.CAB.bac_a67277/A-1030060460.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS66.CAB.bac_a67277/A-1030060458.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS66.CAB.bac_a67277/A-1030060457.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS66.CAB.bac_a67277 Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\WINDOWS\.housecall\Quarantine\FS71.CAB.bac_a67277/A-1030057415.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet
c:\WINDOWS\.housecall\Quarantine\FS71.CAB.bac_a67277/A-1030057414.CPY Infected: not-a-virus:AdWare.Win32.Maxifiles.o
c:\WINDOWS\.housecall\Quarantine\FS71.CAB.bac_a67277 Infected: not-a-virus:AdWare.Win32.Maxifiles.o
c:\WINDOWS\.housecall\Quarantine\FS72.CAB.bac_a67277/A-1030056402.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\WINDOWS\.housecall\Quarantine\FS72.CAB.bac_a67277/A-1030056397.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\WINDOWS\.housecall\Quarantine\FS72.CAB.bac_a67277/A-1030056392.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet
c:\WINDOWS\.housecall\Quarantine\FS72.CAB.bac_a67277/A-1030056387.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\WINDOWS\.housecall\Quarantine\FS72.CAB.bac_a67277 Infected: not-a-virus:AdWare.Win32.NewDotNet.e
c:\Program Files\Norton AntiVirus\Quarantine\2F06513F.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\!KillBox\mc-110-12-0000133.exe Infected: Trojan.Win32.Autoit.h
c:\!KillBox\NPMySrch.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i

Scan process completed.

#8 Siggyx


Posted 12 January 2006 - 09:11 PM

Let's do some cleaning.

Download ccleaner from the link below, save it to your desktop. Open ccleaner and click on run ccleaner at the bottom right.

http://www.majorgeek...wnload4191.html

Next download Regseeker from the link below. Save it to your desktop. Open Regseeker and click on clean registry, next click ok. Once the scan is complete make sure the make backups is checked and then select all and delete it.

http://www.majorgeek...wnload2579.html

Next you need to clean out your system restore. You can do that by turning it off then back on.

To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.


1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives" as shown in this illustration:
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Proceed with what you need to do; for example, virus removal. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.

Then a new hijackthis log. How is it running?
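Added example (not part of the post above or of any tool named in this thread): a short Python triage of online-scan lines in the format posted earlier, grouping each hit by the on-disk file that holds it. It shows why the hits visible at the end of that report point to purging restore points: they sit in System Restore archives, scanner quarantine folders and removal-tool backups. The bucket names, the path substrings used to classify, and the last sample line (EXAMPLE.DLL, constructed) are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample input: five lines in the format of the scan report in this thread,
# plus one constructed line (EXAMPLE.DLL) standing in for a hit outside any store.
SAMPLE = r"""
c:\_RESTORE\ARCHIVE\FS114.CAB/A-1030038307.CPY Infected: Trojan.Win32.Autoit.h
c:\_RESTORE\ARCHIVE\FS114.CAB Infected: not-a-virus:AdWare.Win32.MyWebSearch.i
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip Suspicious: Password-protected-EXE
c:\Program Files\Norton AntiVirus\Quarantine\2F06513F.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.u
c:\!KillBox\NPMySrch.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i
c:\WINDOWS\SYSTEM\EXAMPLE.DLL Infected: Trojan.Win32.Example.a
"""

# "<path> Infected: <name>" or "<path> Suspicious: <name>"; paths may contain spaces.
LINE = re.compile(r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+)$")

# Assumed classification: substrings (lower-case) that mark a storage area
# where a detected file is a kept copy rather than an installed component.
STORES = (
    ("\\_restore\\", "restore-point archive"),
    ("\\quarantine\\", "scanner quarantine"),
    ("\\!killbox\\", "removal-tool backup"),
    ("\\recovery\\", "removal-tool backup"),
)

def triage(report):
    """Return {bucket: {on-disk file: set of detection names}}."""
    buckets = defaultdict(lambda: defaultdict(set))
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank lines, headers, "Scan process completed."
        # The scanner writes archive members as container/member; the part
        # before the first "/" is the file that actually exists on disk.
        container = m["path"].split("/", 1)[0]
        low = container.lower()
        bucket = next((label for needle, label in STORES if needle in low),
                      "other location")
        buckets[bucket][container].add(m["name"])
    return buckets

if __name__ == "__main__":
    for bucket, files in sorted(triage(SAMPLE).items()):
        print(bucket)
        for path, names in sorted(files.items()):
            print("   ", path, "->", ", ".join(sorted(names)))
```

Anything that lands in "other location" is the part of a report that still needs attention after the restore points have been flushed.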

#9 indian


Posted 12 January 2006 - 11:31 PM

:wavey: Hi Siggyx,
Yes it's me again lol :rofl: So I did the cleaning you requested. And I did the system restore. I thought I would let you know that when I ran the CCleaner during the scan my computer went black and it restarted. I ran the program again and it worked. :scratch: Not sure what happened there. I have Windows ME so system restore was a little different than you explained. My computer said to restart before starting restore and it would not shut off so I held the power button down. Succeeded with the system restore. Here is the latest Hijack log as requested. Thank you very much for all of your help and hear from you soon. :P




Logfile of HijackThis v1.99.1
Scan saved at 10:14:04 PM, on 12/01/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\DMI\BIN\WIN32SL.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\DMI\BIN\DELLDMI.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\DMI\BIN\MONITOR.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
C:\DMI\BIN\NIC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\DMI\BIN\COO.EXE
C:\DMI\BIN\DNAR.EXE
C:\DMI\BIN\NODEMNGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WEBROOT\SHREDDER\SPSHREDDER.EXE
C:\PROGRAM FILES\WEBROOT\POPUPWASHER\POPUPWASHER.EXE
C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dell.com/search/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\WINDOWS\POPUPW~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec Core LC] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [3Com DMI Agent] C:\WINDOWS\SYSTEM\3com_dmi\3CDMINIC.EXE
O4 - HKLM\..\RunServices: [DMILDR] C:\DMI\bin\dmildr.exe
O4 - HKLM\..\RunServices: [Win32SL] C:\DMI\BIN\Win32sl.EXE -i -p -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Spam Shredder] C:\Program Files\Webroot\Shredder\spshredder.exe -tray
O4 - HKCU\..\Run: [PopUpWasher] C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Dell Home - {9210B580-05E1-11DA-8A8D-00B0D0604B78} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab

Edited by indian, 12 January 2006 - 11:36 PM.


#10 Siggyx


Posted 13 January 2006 - 03:53 PM

Looks ok. How is it running?

#11 indian


Posted 13 January 2006 - 08:22 PM

:wavey: Hi Siggyx. Well I am glad that it looks good. Thank-you, Thank-you, Thank you for all of your help. :wall: This was me before and now :lol: . BUT I have one more question. After I posted you last night, I went to go turn off my computer and it would not turn again. I went to start menu, then to shut down, then shut down. The screen goes a little fuzzy like normal then goes back to my desktop as if I did nothing. So to turn it off I held down the power button again. But funny thing today it turned off just fine. Sometimes it will turn off but sometimes it won't. Is there anything I can do about this? :scratch: If not that's okay. Again Thank-you. :P

#12 Siggyx


Posted 13 January 2006 - 09:10 PM

This is a known issue with ME. Some reading here that may or may not help.

http://aumha.org/win4/a/shtdwnme.php

Glad I was able to help.

Edited by Siggyx, 13 January 2006 - 09:10 PM.


#13 Siggyx


Posted 13 January 2006 - 09:10 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
