Want to say thanks!
I have got another computer, however, and this one is really slow and loaded with all sorts of rubbish software. I don't know which ones to delete and which ones to keep. Most of the time I don't delete them in case other important Windows software starts to malfunction (it happened once before when I uninstalled Norton, I think). So yeah, this computer is well slow and it's most probably a nesting ground for malware and spyware and so on.
I have followed all the "Before you post your HijackThis logs" steps, downloaded ATF Cleaner and ran that, downloaded Malwarebytes and scanned the system with that, found a couple of infections, and deleted them. I also ran HijackThis and got the log, which I am going to post below.
Could you please tell me any further steps that I need to take and also which software I can remove from this system safely? Thanks. Really appreciate your efforts, man.
My HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 15:57:57, on 24/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar.../srchredir2.dll?c=3C01&lc=0809&s=search&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.208.64.177:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {00407B69-3B29-4AC2-98BF-7999AC07467A} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {144C0D53-A7AA-46F3-B655-90FA4C347AA1} - (no file)
O2 - BHO: (no name) - {15FEE496-CDD0-468A-9182-BAE8FF3451AA} - (no file)
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {1A2BAE59-2A27-4356-8DD6-175B7A35B229} - (no file)
O2 - BHO: (no name) - {2295D587-1F1F-46AB-A0E1-3D395AAA9029} - (no file)
O2 - BHO: (no name) - {2C114700-A1D0-4B38-90A0-1FAE7BC66193} - (no file)
O2 - BHO: (no name) - {2CED0917-F106-4D7A-BE28-81458160C549} - (no file)
O2 - BHO: (no name) - {2E801EEA-8505-4446-B669-8482086A1EF1} - (no file)
O2 - BHO: (no name) - {3475BF32-38F6-4B70-9EC4-73DBF2D42F0D} - (no file)
O2 - BHO: (no name) - {37458183-DD8B-4FF9-A79E-8CDF42896563} - (no file)
O2 - BHO: (no name) - {3A9DB4A6-E29C-4AE8-9C44-B058941EB5D0} - (no file)
O2 - BHO: (no name) - {42A64A3F-C28D-41B7-90FF-FBDD03F3EBE2} - (no file)
O2 - BHO: (no name) - {4501E05F-E0B8-4FCC-9513-059EE3A1D728} - (no file)
O2 - BHO: (no name) - {4CD1A1E1-2031-472E-9A9A-EEC2698AC3E9} - (no file)
O2 - BHO: (no name) - {4F392267-B6EF-4CA4-8AAF-ED1749373D34} - (no file)
O2 - BHO: (no name) - {610DCB11-58EE-4FAC-91A1-2F62E6E7FC8A} - (no file)
O2 - BHO: (no name) - {61B7CF66-2E6C-4384-9BC0-E9BA6C2D3D6C} - (no file)
O2 - BHO: (no name) - {65B03447-D095-428B-B6FF-5236CBD7A209} - (no file)
O2 - BHO: (no name) - {66AE2F28-F579-43D9-9938-4505B3840A55} - (no file)
O2 - BHO: (no name) - {6A3995D8-0E7C-445D-9F03-2104752614C8} - (no file)
O2 - BHO: (no name) - {6C78A124-AD16-4DE9-8D72-CEF30903B883} - (no file)
O2 - BHO: (no name) - {6CB3CB69-A491-4DC6-987E-A3A0A968B18B} - (no file)
O2 - BHO: (no name) - {6E534804-782C-4613-9085-2EE3A885AF2C} - (no file)
O2 - BHO: (no name) - {7234F4D3-FABF-4DAB-ACF6-2E44AD51F22E} - (no file)
O2 - BHO: (no name) - {72924C96-0059-43A6-B3F6-A5546707A2E3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {77D5C4D1-6D0C-4B17-8725-A1CB396C50E0} - (no file)
O2 - BHO: (no name) - {7C227956-D1F1-4D5D-B0D5-2F541A7B1D3C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83930191-B0E7-47FE-8DDC-1C44F02945F9} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {85B406C2-9D6F-495C-A48F-6B01B128EE9D} - (no file)
O2 - BHO: wssclient - {8D99D2A3-317C-4929-8A5D-21140259D93A} - c:\PROGRA~1\wss.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9ACD96C1-754A-4557-8C13-2725253B3536} - (no file)
O2 - BHO: (no name) - {9C9ABD32-87DC-4327-BEAE-E3CCC73F93A5} - (no file)
O2 - BHO: (no name) - {A2C8C327-9822-4537-B8C0-B0590CCCAA10} - (no file)
O2 - BHO: (no name) - {A332DE9A-BC6B-4AF9-9A59-388FAF93E681} - (no file)
O2 - BHO: (no name) - {A47862A2-4AE6-4572-9026-4C41D347D4B4} - (no file)
O2 - BHO: (no name) - {A7853404-E817-4419-9311-B947CCC3098E} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {ADAA7F86-3933-42D2-9E68-04C859A07FAD} - (no file)
O2 - BHO: (no name) - {B1AB473F-3436-49DA-9E87-3410DDADAD94} - (no file)
O2 - BHO: (no name) - {B3811E84-5EE5-4C03-991C-D79A47CCBC81} - (no file)
O2 - BHO: (no name) - {B9357E5D-25D8-4EE7-BC25-EDED800AE258} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {C06646C3-E962-442B-91AA-584F09497A25} - (no file)
O2 - BHO: (no name) - {CB63A18C-8E76-4C6F-9E34-678064B1BC72} - (no file)
O2 - BHO: (no name) - {CCDCA588-8904-4600-8462-22CAC96B4E2C} - (no file)
O2 - BHO: (no name) - {D59AF09B-95EE-4D3D-8A3E-D400450C4874} - (no file)
O2 - BHO: (no name) - {DEE59238-A9FF-43BF-AE59-F26949979E70} - (no file)
O2 - BHO: (no name) - {DF01E5DC-82A6-4944-B696-DA3311787905} - (no file)
O2 - BHO: (no name) - {E56F7F2C-859F-4DF3-AAA9-85C91DA45028} - (no file)
O2 - BHO: (no name) - {ED6DBF7B-D30A-4657-BF4A-673C61D13F78} - (no file)
O2 - BHO: (no name) - {F88AE11E-175F-45D3-A673-FC483680AE41} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriveDiscoveryMemoryResident] C:\Program Files\NotsoSoftware\DriveDiscovery\NSSMR.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: AdsGone 2006.lnk = C:\Program Files\AdsGone\adsgone.exe
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: AdsGone - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\adsgone (file missing)
O9 - Extra 'Tools' menuitem: &AdsGone Settings - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\adsgone (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: MS&N Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.answers.com
O15 - Trusted Zone: www.bollywoodheaven.com
O15 - Trusted Zone: http://www.google.co.uk
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvepa - C:\WINDOWS\Fonts\awvepa.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winstd32 - winstd32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Internet Security Service (NISSERV) - Unknown owner - C:\Program Files\Norton Internet Security\NISSERV.EXE (file missing)
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Speed Disk service - Unknown owner - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe (file missing)
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\SymProxySvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: System Out (SystemOutService) - Unknown owner - C:\WINDOWS\system32\systemout.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
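The triage a log helper does by hand on a post like this, written out as a Python script. This is an added example, not part of the original post and not a HijackThis feature: it parses the `Rn`/`On` entry format and applies the checks a reviewer applies first (an IE proxy pointing outside loopback or RFC 1918 space, a `RunServices` autostart or a `Run` entry with no directory in its command, a Winlogon Notify DLL that is missing or lives outside `system32`, BHO/toolbar CLSIDs with no file behind them, stale services, and sites placed in the IE Trusted zone). The severity tiers, rule wording and the `Finding` type are this example's own assumptions. The embedded input is a subset of the log posted above, rejoined onto single lines; the script only flags entries, it does not claim what any of them is.

```python
"""Heuristic triage of a HijackThis log (added example; not HijackThis code)."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Subset of the HijackThis log posted above (rejoined onto single lines);
# it is the input the triage rules below run over.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.208.64.177:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {00407B69-3B29-4AC2-98BF-7999AC07467A} - (no file)
O2 - BHO: (no name) - {144C0D53-A7AA-46F3-B655-90FA4C347AA1} - (no file)
O2 - BHO: wssclient - {8D99D2A3-317C-4929-8A5D-21140259D93A} - c:\PROGRA~1\wss.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: www.bollywoodheaven.com
O20 - Winlogon Notify: awvepa - C:\WINDOWS\Fonts\awvepa.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winstd32 - winstd32.dll (file missing)
O23 - Service: Norton Internet Security Service (NISSERV) - Unknown owner - C:\Program Files\Norton Internet Security\NISSERV.EXE (file missing)
O23 - Service: System Out (SystemOutService) - Unknown owner - C:\WINDOWS\system32\systemout.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with a section tag (R0, O2, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (tiers are this example's assumption)
    reason: str
    line: str


def _proxy_is_external(part: str) -> bool:
    """True if one ProxyServer token ("host:port" or "http=host:port") points outside
    loopback/RFC 1918 space. A hostname we cannot parse is treated as external so a
    human looks at it."""
    host = part.strip().split("=")[-1].rsplit(":", 1)[0].strip()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not (ip.is_loopback or ip.is_private)


def triage(log_text: str) -> list[Finding]:
    """Apply the first-pass review rules to every parseable entry of a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # headers, process list and blank lines are not entries
        sec, body = m.group("sec"), m.group("body")
        if sec == "R1" and "ProxyServer =" in body:
            value = body.split("ProxyServer =", 1)[1]
            if any(_proxy_is_external(p) for p in value.split(";") if p.strip()):
                findings.append(Finding("high", "IE proxy set to an address outside the local network", raw))
        elif sec in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding("low", "orphaned BHO/toolbar CLSID with no DLL on disk", raw))
        elif sec in ("O2", "O3") and body.endswith("(file missing)"):
            findings.append(Finding("low", "BHO/toolbar registered but its DLL is gone", raw))
        elif sec == "O4":
            key, _, command = body.partition(": ")
            if "RunServices" in key:
                findings.append(Finding("high", "RunServices autostart entry", raw))
            elif "\\" not in command:
                # No directory in the command: Windows resolves it by PATH search, so the
                # entry cannot be tied to one known file without further checking.
                findings.append(Finding("medium", "autostart command has no directory path", raw))
        elif sec == "O15":
            findings.append(Finding("low", "site placed in the IE Trusted zone", raw))
        elif sec == "O20":
            if "(file missing)" in body:
                findings.append(Finding("high", "Winlogon Notify DLL registered but missing", raw))
            elif "\\system32\\" not in body.lower():
                findings.append(Finding("high", "Winlogon Notify DLL outside system32", raw))
        elif sec == "O23" and "(file missing)" in body:
            findings.append(Finding("low", "service whose binary no longer exists (stale entry)", raw))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity tier."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: ("high", "medium", "low").index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a full log by reading the file into `triage()` instead of `SAMPLE_LOG`. The proxy rule is the one worth keeping even without the rest: a user-hive `ProxyServer` pointing at a public address routes every IE and WinINet request through that host, so it is checked before anything else. Entries the rules do not match (the ssv.dll BHO, the WgaLogon notify DLL in `system32`, the vsmon service with a named vendor) produce no finding, which is the intended behaviour rather than a claim that they are clean.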