hijackthis log

spkenn5

New Member
please review it..

Logfile of HijackThis v1.99.1
Scan saved at 5:12:33 PM, on 7/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RxMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\inet20001\services.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\kernels8.exe
C:\WINDOWS\System32\netfilt4.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\ieredir.exe
C:\WINDOWS\System32\spoolsvv.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
C:\WINDOWS\System32\sndraw32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Windows\xpupdate.exe
C:\WINDOWS\System32\netfilt4.exe
C:\WINDOWS\System\svchost.exe
C:\Program Files\BraveSentry\BraveSentry.exe
C:\Program Files\Navnt\navapw32.exe
C:\WINDOWS\System32\dlh9jkdq2.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\TheMatrixHasYou.exe
C:\WINDOWS\TEMP\C035.tmp
C:\WINDOWS\System32\vxgamet3.exe
C:\WINDOWS\System32\netfilt4.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\qvxgamet3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Quang\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ib.CBrowserHelper - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\System32\ib14.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IExplorerHelper Class - {E89097ED-3400-411D-9647-D368C3311C98} - C:\WINDOWS\System32\IeHelperExVSSS.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [14.tmp] C:\DOCUME~1\Quang\LOCALS~1\Temp\14.tmp.exe
O4 - HKLM\..\Run: [15.tmp] C:\DOCUME~1\Quang\LOCALS~1\Temp\15.tmp.exe
O4 - HKLM\..\Run: [14.tmp.exe] C:\DOCUME~1\Quang\LOCALS~1\Temp\14.tmp.exe
O4 - HKLM\..\Run: [15.tmp.exe] C:\DOCUME~1\Quang\LOCALS~1\Temp\15.tmp.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [netfilt4] C:\WINDOWS\System32\netfilt4.exe
O4 - HKLM\..\Run: [windows] c:\temp\svchost.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [IE Redir] C:\WINDOWS\ieredir.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [sndraw32] C:\WINDOWS\System32\sndraw32.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKLM\..\RunServices: [netfilt4] C:\WINDOWS\System32\netfilt4.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\RunServices: [sndraw32] C:\WINDOWS\System32\sndraw32.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [netfilt4] C:\WINDOWS\System32\netfilt4.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Quang\LOCALS~1\Temp\94.tmp
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Quang\LOCALS~1\Temp\7B.tmp3584.exe
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [sndraw32] C:\WINDOWS\System32\sndraw32.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{046D00C5-D2E4-4F5E-8E17-BF06F77A2D2C}: NameServer = 85.255.116.30,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD2E639-92EA-45C9-AA0C-F5E18AA84A63}: NameServer = 85.255.116.30,85.255.112.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{046D00C5-D2E4-4F5E-8E17-BF06F77A2D2C}: NameServer = 85.255.116.30,85.255.112.95
O20 - Winlogon Notify: 2006reg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\2006.dll
O20 - Winlogon Notify: 3246762198745124975reg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\3246762198745124975.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O21 - SSODL: SysTray.Exsl - {6368D5FC-6F5C-4f5b-B164-E67214F67859} - C:\WINDOWS\System32\ijqlhhkb.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\System32\agkfejpb.dll
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RxMon.exe
 
There were a few small items to take care with the fix option. These are:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file) This is often referred to as an "orphan". While this one is missing a file others will often load drivers without any program installed or leftover causing problems with others. A good registry cleaner like RegCleaner will remove most of these types automatically.
O4 - HKLM\..\Run: [windows] c:\temp\svchost.exe This should not be in a "C:\temp" folder. This looks like a trojan. The svchost.exe(MS original) would be found in a subfolder of Windows itself.
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
is the actual location for the valid MS file.

Besides the above items to remove the Yahoo and Google toolbars for Internet Explorer can leave you wide open for adwares. You may want to run a good remover like AdAware SE Personal found at http://www.lavasoft.com
RegCleaner can be downloaded free at http://www.majorgeeks.com/RegCleaner_d460.html
 
okay after gettin rid of that trojan

Logfile of HijackThis v1.99.1
Scan saved at 9:16:54 PM, on 7/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\ieredir.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\sndraw32.exe
C:\WINDOWS\System32\spoolsvv.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Windows\xpupdate.exe
C:\Program Files\Navnt\navapw32.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RxMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\TEMP\200C98A.tmp
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Quang\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [14.tmp] C:\DOCUME~1\Quang\LOCALS~1\Temp\14.tmp.exe
O4 - HKLM\..\Run: [15.tmp] C:\DOCUME~1\Quang\LOCALS~1\Temp\15.tmp.exe
O4 - HKLM\..\Run: [14.tmp.exe] C:\DOCUME~1\Quang\LOCALS~1\Temp\14.tmp.exe
O4 - HKLM\..\Run: [15.tmp.exe] C:\DOCUME~1\Quang\LOCALS~1\Temp\15.tmp.exe
O4 - HKLM\..\Run: [IE Redir] C:\WINDOWS\ieredir.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [sndraw32] C:\WINDOWS\System32\sndraw32.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\RunServices: [sndraw32] C:\WINDOWS\System32\sndraw32.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Quang\LOCALS~1\Temp\94.tmp
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Quang\LOCALS~1\Temp\7B.tmp3584.exe
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\Run: [sndraw32] C:\WINDOWS\System32\sndraw32.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{046D00C5-D2E4-4F5E-8E17-BF06F77A2D2C}: NameServer = 85.255.116.30,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD2E639-92EA-45C9-AA0C-F5E18AA84A63}: NameServer = 85.255.116.30,85.255.112.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{046D00C5-D2E4-4F5E-8E17-BF06F77A2D2C}: NameServer = 85.255.116.30,85.255.112.95
O20 - Winlogon Notify: 2006reg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\2006.dll
O20 - Winlogon Notify: 3246762198745124975reg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\3246762198745124975.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: SysTray.Exsl - {6368D5FC-6F5C-4f5b-B164-E67214F67859} - C:\WINDOWS\System32\ijqlhhkb.dll
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RxMon.exe
 
You still have an item missing but not urgent as you can see from R3 - Default URLSearchHook is missing
The rest of the log here besides running a Google toolbar is not showing anything else. Remember that HiJack This doesn't go through the entire registry however. For removing adware, spyware, and even the occasional browser hijacker one good one to keep on hand is the AdAware SE Personal free edition mentioned earlier.
Some other free version utilities like AVG 7.1, Ewido, you already have Spybot S+D, Windows Defender beta 2 can be downloaded at the following links. Having more than one on hand can be a good help at times.
For AVG 7.1, http://free.grisoft.com/doc/2/lng/us/tpl/v5
For Ewido free spyware remover, http://free.grisoft.com/doc/ewido-anti-spyware-free/lng/us/tpl/v5
Microsoft's contribution to fighting off spyware, http://www.microsoft.com/downloads/...e7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en
For additional freewares along with a mix of sharewares, http://www.majorgeeks.com/downloads31.html
 
PC eye, you have no idea what you're talking about, there's all kinds of crap on here. And just because the log states "file missing" doesn't mean that it is.

spkenn5, download and install Cleanup.
http://www.stevengould.org/downloads/cleanup/CleanUp40.exe

Download, install, update and scan your system with the free version of Ewido Security Suite:
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido and boot into safe mode:

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

Once in safemode, run Cleanup.

Now open Ewido, click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please restart normally, then paste the contents of the text file to this thread, along with a new HijackThis log.
 
edifier said:
PC eye

I'm no expert but how can you say that. He still has multiple infections.

I didn't state that there were multiple infections known to be there. The idea of using removers like those posted is to locate/remove anything HiJack This does not see. Those utilities also help to keep stuff off your system at times as well as locate things that are not even in the registry until something makes them active. The svchost.exe file found in C:\temp goes to show that it would have gone unnoticed if something didn't make that active along with creating new values in the registry itself. Something had to put it there?
 
What are the Best Tools for Removing Spyware, Adware, and Malware?

Buzz1927 said:
PC eye, you have no idea what you're talking about, there's all kinds of crap on here. And just because the log states "file missing" doesn't mean that it is.

spkenn5, download and install Cleanup.
http://www.stevengould.org/downloads/cleanup/CleanUp40.exe

Download, install, update and scan your system with the free version of Ewido Security Suite:
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido and boot into safe mode:

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

Once in safemode, run Cleanup.

Now open Ewido, click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please restart normally, then paste the contents of the text file to this thread, along with a new HijackThis log.

I don't? :D
"Listed below you will find the best freeware programs available on the Internet for removing spyware, adware, and malware:

Adware and Spyware Removal

Lavasoft Ad-Aware SE 1.06
Spybot Search and Destroy 1.4
Microsoft Windows Defender

Ewido Anti-Malware
a² (a-squared) Scanner

Preventing the Installation of Adware and Spyware

SpywareBlaster 3.5.1
SpywareGuard 2.2

Specialized Removal Programs

About:Buster - Removal of CWS HomeSearch Hijacker or res:// hijacker
CWShredder 2.19 - CoolWebSearch Removal Tool from Trend Micro
Elite Toolbar Remover
I-Lookup Toolbar Uninstallers - Version 1 and Version 2
Incredifind and PerfectNav Uninstaller
Kill2Me - Removal of Look2Me infections
KillBox for removing files that are in use
Lop.com Uninstaller
OmegaKiller for removing hijackers like
Omegasearch.com Prosearching.com. Search200.com. Mysearchnow.com. Searchexe.com
SmitRem for removing Spyaxe, SpySheriff, Winhound and others
VX2.BetterInternet for XP/2000 for Removing Look2Me
VX2.BetterInternet for Windows 9X for Removing Look2Me
WildTangent Remover

Helpful Tools for Investigating Adware and Spyware Infections

HijackThis 1.99.1 by Merijn
SysInternals Process Explorer
SysInternals RootkitRevealer

Online Virus Checkers
Trend Micro Housecall - will scan and remove threats
BitDefender Scan Online - will scan and remove threats
Ewido Online Scanner - will scan and remove threats
Jotti's Online Malware Scan
Kaspersky Online Scanner - appears to only scan for but not remove threats
Panda Activescan - appears to only scan for but not remove threats
McAfee FreeScan - appears to only scan for but not remove threats
eTrust Antivirus Web Scanner - will scan and remove threats
Symantec Security Check - will scan and remove threats
Dr.Web Online Check - user can upload and test for threats on particular files

Trojan Scanner
TrojanScan by WindowsSecurity.com

Free Antivirus Programs to Download
ANTI-VIR
AVAST
AVG

TCP/IP and Winsock Repair Utilities for Windows XP and 2000

LSPFix by Cexx.org
Winsock XP Fix
XP TCP/IP Repair utility

IEFix Utility for correcting Internet Explorer problems

Variety of Great Freeware Utilities for everything from Password Recovery Tools to Network Monitoring Tools and more.

If there are other spyware/adware removal tools that you think should be listed here, please email me.

Removal Instructions for Other Programs

Spyware Removal and Other Resources

Essential Tools for Removing Spyware, Adware, and Malware

How to Remove SurferBar
Bargain Buddy Removal Instructions and Help
Bonzi Buddy Removal
Click2FindNow and I-Lookup Removal
Comet Cursor Removal
Date Manager Removal
Spyaxe, Spy Trooper, Spy Sheriff, Brave Sentry and Similar Removal Instructions and Help
Alfacleaner Removal Instructions and Help
About:Blank Homepage Hijacker Removal Instructions and Help
Kazaa Removal Instructions and Help
res://random.dll Homepage Hijacker Removal Instructions and Help
IBIS Web Search (websearch.com) Removal Instructions and Help
Open Search Web (Lop.com) Removal Instructions and Help
UPDMGR.EXE Removal Instructions and Help
FCADVICE.EXE Removal Instructions and Help
Dubolom.com Homepage Hijacker Removal Instructions and Help
DSO Exploit Removal Instructions and Help
FastSearch.cc Homepage Hijacker Removal Instructions and Help
My Web Search Removal Instructions and Help
Cursor Mania Removal Instructions and Help
Fun Buddy Icons Removal Instructions and Help
Smiley Central Removal Instructions and Help
My Mail Stamps Removal Instructions and Help
My Mail Stationery Removal Instructions and Help
My Mail Signatures Removal Instructions and Help
Fun Web Products Popular Screensavers Removal Instructions and Help
Gator Software Removal
Hugesearch.net Homepage Hijacker Removal Instructions and Help
Search-Space.com and Start-Space.com Homepage Hijacker Removal Instructions and Help
How to Remove Global-Finder.com Homepage Hijacker
Globaltoolbar Removal
GoHip Software Removal
HotBar Toolbar Removal
Huntbar and Search Toolbar Info and Removal
Look2Me Removal Instructions and Help
Lookfor.cc (res://mshp.dll/index.html) Homepage Hijacker Removal Instructions and Help
MaximumSearch.net Homepage Hijacker Removal Instructions and Help
Ncase Removal Instructions and Help
People OnPage Toolbar Info and Removal
Precision Time Removal
Prolivation.com Removal
SaveNow and NewDotNet Removal
SearchMyRequest.com Homepage Hijacker Removal Instructions and Help
Smartsearch.ws Homepage Hijacker Removal Instructions and Help
SysUpd.exe (TSCash) Removal Instructions and Help
Ezula TopText (yellow underlined links) Removal Instructions and Help
How to Remove SpeedBlaster and MemoryMeter
TopRebates and WebRebates Removal Instructions and Help
Twaintec.dll Removal Instructions and Help
WeatherBug Removal
WildTangent Removal Instructions and Help
WinTools Removal Instructions and Help
Xupiter Removal
Xzoomy.com Removal
ZY Web Search (db105.com) Removal" And these are just a few. http://www.pchell.com/support/spywaretools.shtml
 
PC eye

HijackThis is not just a removal tool but most importantly, a diagnostic tool and should be used as part of the cleaning process, not as the cleaning process. If you're going to respond to someone's infected log, then you have to offer more than what you're giving. I responded earlier because the impression you were giving was that there was nothing serious in his log, but there was. And 'Buzz' is correct. Just because it says 'file missing', doesn't mean it is. And if you follow any log cleaning by malware experts, have you not noticed that they never use 'Adaware'. It's better than nothing but is generally not an effective program anymore. Don't know what you were trying to accomplish in your last post but your goal should be to read through someone's infected log and then decide and suggest which of those many programs/fixes you just listed are the proper ones to remove the infection. Not the way you're responding to logs now.
 
edifier said:
PC eye

HijackThis is not just a removal tool but most importantly, a diagnostic tool and should be used as part of the cleaning process, not as the cleaning process. If you're going to respond to someone's infected log, then you have to offer more than what you're giving. I responded earlier because the impression you were giving was that there was nothing serious in his log, but there was. And 'Buzz' is correct. Just because it says 'file missing', doesn't mean it is. And if you follow any log cleaning by malware experts, have you not noticed that they never use 'Adaware'. It's better than nothing but is generally not an effective program anymore. Don't know what you were trying to accomplish in your last post but your goal should be to read through someone's infected log and then decide and suggest which of those many programs/fixes you just listed are the proper ones to remove the infection. Not the way you're responding to logs now.

You seemed to have missed one.
"Helpful Tools for Investigating Adware and Spyware Infections
HijackThis 1.99.1 by Merijn"

AdAware SE Personal also finds and can remove registry values created by adwares and even browser hijackers. RegCleaner will remove orphaned reg values that are no longer associated to a file whether it is missing or somehow made inactive. You can have a driver right there on the drive with a registry failing to load it properly requiring a reinstallation to make it active. The svchost.exe found in a C:\temp folder with a slight change in spelling is the scvhost.exe virus. http://www.auditmypc.com/process/scvhost.asp
 
sorry guys i wasn't able to start my comp so i had to use my friend's comp.. i'll do that when i get home..

i'll keep it posted.

thanks
 
You may have to do a repair install if you are not able to get it running. But I'm glad you are able to get back here. In regards to the svchost.exe file found in the temp folder by itself would be odd. Finding a registry value pointing to start it there shows something definitely wrong. The scvhost.exe change in spelling is one type of trojan downloader. The description of that is simply explained as
"Description: scvhost.exe is a process which is registered as the W32/Agobot-S virus. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately. Please see additional details regarding this process
For More Info About scvhost.exe - Get WinTasks 5 Pro Now!

Recommendation: DISABLE AND REMOVE IMMEDIATELY. This process is most likely a virus or trojan.
To get control over your running programs we suggest WinTasks" http://www.processlibrary.com/directory/files/scvhost/
If you are able to get it running long enough you may want to remove that Google toolbar as well. Many of those leave your system wide open for a number of things. Hopefully you can get your drive cleaned up with a few programs with or without WinTasks. That was just one reference.
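The path checks argued over in this thread (a system file name started from outside System32, autoruns pointing into Temp folders, a slightly misspelled system name such as scvhost.exe), as an added example that is not part of any post. The sample lines are an excerpt of the first log above; the list of system names, the rule labels and the function names are assumptions made for the example.

```python
import re
from ntpath import basename, dirname, normpath

# Assumptions for this example: Windows is installed in C:\WINDOWS (as in the
# log) and these core XP processes are expected only in its System32 folder.
SYSTEM32 = r"c:\windows\system32"
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe"}

# Excerpt of the first HijackThis log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\inet20001\services.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\System32\spoolsvv.exe
C:\WINDOWS\System\svchost.exe
C:\WINDOWS\TEMP\C035.tmp
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [14.tmp] C:\DOCUME~1\Quang\LOCALS~1\Temp\14.tmp.exe
O4 - HKLM\..\Run: [windows] c:\temp\svchost.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Quang\LOCALS~1\Temp\94.tmp
"""

O4_RE = re.compile(r"^O4 - .*?(?:\] |= )(.+)$")          # command after [name] or '='
PATH_RE = re.compile(r'^"?([A-Za-z]:\\.*?\.\w+)(?=$|\s|")')  # path without arguments


def near(a, b):
    """True if a differs from b by one insert/delete/substitution or one adjacent swap."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) < len(b):                       # one extra character in b
        return a[i:] == b[i + 1:]
    return (a[i + 1:] == b[i + 1:]            # one substituted character
            or (a[i:i + 2] == b[i:i + 2][::-1] and a[i + 2:] == b[i + 2:]))


def lookalike(name):
    """Return the system file name that `name` imitates, or None."""
    name = name.lower()
    if name in SYSTEM_NAMES:
        return None
    return next((s for s in sorted(SYSTEM_NAMES) if near(name, s)), None)


def check_path(path):
    """Return the list of rule labels a single file path trips."""
    p = normpath(path).lower()
    folder, name = dirname(p), basename(p)
    hits = []
    if "temp" in folder.split("\\"):
        hits.append("runs-from-temp")
    if name in SYSTEM_NAMES and folder != SYSTEM32:
        hits.append("system-name-outside-system32")
    twin = lookalike(name)
    if twin:
        hits.append("lookalike-of-" + twin)
    return hits


def extract_paths(log):
    """Yield file paths from 'Running processes' lines and O4 autorun entries."""
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        p = PATH_RE.match(m.group(1) if m else line)
        if p:
            yield p.group(1)


def triage(log):
    """Map each flagged path (lower-cased) to the rules it tripped."""
    flagged = {}
    for path in extract_paths(log):
        hits = check_path(path)
        if hits:
            flagged[normpath(path).lower()] = hits
    return flagged


if __name__ == "__main__":
    for path, hits in triage(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(hits)}")
```

These rules only look at names and locations; unfamiliar files sitting inside System32 and the O17 NameServer entries in the log pass them and need separate checks.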
 