1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

malware removal needed?

Discussion in 'Virus & Other Malware Removal' started by heather32, Dec 12, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. heather32

    heather32 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    15
    I was in another thread. I installed hijacker and scanned my computer and the logfile. It showed on notepad the results which i dnt understand it, thought someone on the other thread said that my computer was infected to come to this thread and post my results from the scan. I may need a virus and malware removal. I downloaded avg already which messed my computer up. So I had to go in safe mode and delete it completley.
    The following is what the hijack logfile scan shows.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:36:26 PM, on 12/12/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\csrsc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system\netmon.exe
    C:\WINDOWS\system\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Opera\opera.exe
    C:\Documents and Settings\Krystal\Local Settings\Application Data\Opera\Opera\temporary_downloads\HijackThis (1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [netmon] C:\WINDOWS\system\netmon.exe
    O4 - HKLM\..\Run: [ilasss] C:\WINDOWS\system\lsass.exe
    O4 - HKLM\..\Run: [lsass] C:\WINDOWS\system\1sass.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: VMwareService - Unknown owner - C:\WINDOWS\system\VMwareService.exe (file missing)
    O23 - Service: Windows Spool Services (WinSpoolSvc) - Unknown owner - C:\WINDOWS\system32\csrsc.exe

    --
    End of file - 4435 bytes
     
  2. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,941
    First Name:
    Terry
    Potential helpers may be interested in the OP's other thread.
     
  3. heather32

    heather32 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    15
    [Edit by Moderator] Hi, Have changed your title of the thread to what you wanted. All malware removal is supposed to happen in this Malware Removal part of the forums....where specialists whom are the only ones allowed to do so can help you. Problem is, requests for malware help far far outstrip the people who volunteer their time here to help others for nothing. So, we ask that you wait for assistance- some one will help you soon, though it may be days before we can.

    Most likely, we can Close this thread depending on the results of the tool you were asked to use and post the log from (MGADiag) The sooner you do that the sooner we can assist you! The computer is definitely infected and YES, we can tell quite often from just one log of Hijackthis....
    Please post that log in the other thread- that one is dealing with some other information we would like to have in order to help you easier...
    Thank you. TSG.
    [end of Moderator comments]



    Okay, so now I am getting moved to a different thread? I meant to put on my title I need a malware and virus removal! If noone can understand my questions, then ask what my problem is, I have posted in so many threads I am getting tired of being directed to three or four different ones. If I need a malware and virus removal. I believe I am in the right section!
     
  4. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,422
    First Name:
    Wayne
    you are in the correct thread - BUT we do not want two threads running trying to diagnose the same issue
    Phantom010 - Asked you rto do this, and then we can manage JUST one post with all the info in - trust us its a lot easier then having multiple posts running
    So

    I am going to close this post and then move your other post into the virus and removal forum - so that all the information is contained in one thread - and also you are in the correct forum

    simple -

    hope that works for you and stops the .....
    1 thread

    now in the other thread answer the questions and post the required logs
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1030982

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice