TROJAN PROBLEM [RESOLVED]


  • This topic is locked

#16
SOLOBAGGINS

    Member

  • Topic Starter
  • 34 posts
Here are the log reports you're after:

[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\\'' updated successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\\'' updated successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\\'' updated successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\\'' updated successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pif\\'' updated successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.scr\\'' updated successfully.
[Empty Temp Folders]
File delete failed. C:\Users\Richard\AppData\Local\Temp\~DF2E3F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\ZLT038f1.TMP scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ZLT038f5.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08032008_133559

Files moved on Reboot...
C:\Users\Richard\AppData\Local\Temp\~DF2E3F.tmp moved successfully.
File C:\Windows\temp\ZLT038f1.TMP not found!
File C:\Windows\temp\ZLT038f5.TMP not found!



new hijackthis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40, on 2008-08-03
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 2918 bytes
  • 0
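
Added example, not part of the original thread: a small Python parser for HijackThis-style entry lines that picks out the entries the tool marks `(no file)` or `(file missing)`, i.e. registry references whose target is not on disk. The sample lines are copied from the log in post #16; the function names and the short glosses in `SECTIONS` are this example's own.

```python
import re

# Lines copied from the HijackThis log in post #16 (subset).
SAMPLE = r"""Running processes:
C:\Windows\Explorer.EXE
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

# Short glosses for the section codes that appear in the log above (example's own wording).
SECTIONS = {
    "R0": "IE start/search page",
    "O1": "hosts file entry",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key)",
    "O16": "ActiveX download (DPF)",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        entries.append({
            "code": m.group("code"),
            "section": SECTIONS.get(m.group("code"), "other"),
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": bool(ORPHAN.search(body)),
            "raw": line.strip(),
        })
    return entries


def orphaned(entries):
    """Entries whose registry reference points at a file that is not on disk."""
    return [e for e in entries if e["orphaned"]]
```
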

#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks better. How is your system running, and are you now going to re-install your antivirus?
  • 0

#18
SOLOBAGGINS

    Member

  • Topic Starter
  • 34 posts
I'm doing the Doctor Web scan right now and I'll post the log soon.
I was going to ask you about what anti-virus to install.
I always have Spybot as standard. I got ZoneAlarm Pro firewall and I've paid for xoftspy.se. Do you advise AVG and Adaware or is that too much?
  • 0

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My personal preference is for either Avast or Avira, as it appears that AVG is getting a bit bloated and delivers a fair degree of false positives.
Spybot is now getting a bit long in the tooth, so I would recommend replacing that with another on-demand one like SuperAntispyware.

If you have any questions on the above just shout
  • 0

#20
SOLOBAGGINS

    Member

  • Topic Starter
  • 34 posts
psexec.cfexe;C:\ComboFix;Program.PsExec.171;;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Richard\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Richard\Desktop;Archive contains infected objects;Moved.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Richard\DoctorWeb\Quarantine\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Richard\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
Process.exe;C:\Windows\System32;Tool.Prockill;;


This is the log from Doctor Web.
  • 0

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nice report. How is your system running now?
  • 0

#22
SOLOBAGGINS

    Member

  • Topic Starter
  • 34 posts
Everything seems to be running good. Super fast as well, by the way.
Thank you ever so much for your help.
Much appreciated.
You guys rule.
  • 0

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Like all good workmen I need to clean up behind me :)

Now the best part of the day ----- Your log now appears clean :)

Double click OTScanIt once again and you should see a CleanUp! button. Press that button; you may get prompted by your firewall that OTScanIt wants to contact the internet, allow this. A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded plus itself. ERUNT and MBAM are good tools to keep. However, if you wish to remove them it may be done via Control Panel.


Now to get you off to a good start we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#24
SOLOBAGGINS

    Member

  • Topic Starter
  • 34 posts
jobs a goodun

thanks mate

you're a star :)
  • 0

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
