Help!!! I think my system is full of viruses

By nemishdmehta
Nov 3, 2005
  1. Hi guys

    sorry for posting it as azip file but whenever i was trying to upload the file as a txt attachment it was giving me an error saying "The page you are looking for might have been removed, had its name changed, or is temporarily unavailable".

    I think my system is full of viruses, and that is why the systems performance is going down by the day, so plz help asap.

    I have attached the hjt log file plz have a look :confused:
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  3. nemishdmehta

    nemishdmehta TS Rookie Topic Starter

    thanks, for the reply, i will post the hjt log file as soon as i complete scanning
  4. nemishdmehta

    nemishdmehta TS Rookie Topic Starter


    I am attaching my hjt log file after the following the steps u have told me to follow
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Boot in Safe Mode. Run HJT and place a tick-mark in the little square before:
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
    O8 - Extra context menu item: Download Links As... - file://C:\WINNT\system32\page.htm
    O8 - Extra context menu item: Download Target(s) As... - file://C:\WINNT\system32\link.htm
    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O15 - Trusted Zone: (HKLM)
    Fix ALL your O16 - DPF: entries
    Unless these IP-numbers are from your ISP, fix these O17s
    O17 - HKLM\System\CCS\Services\Tcpip\..\{118093F0-72CC-4F61-BF91-DCCC49D67937}: NameServer =,
    O17 - HKLM\System\CS1\Services\Tcpip\..\{118093F0-72CC-4F61-BF91-DCCC49D67937}: NameServer =,
    O17 - HKLM\System\CS2\Services\Tcpip\..\{118093F0-72CC-4F61-BF91-DCCC49D67937}: NameServer =,
    O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINNT\msstl.exe (file missing)
    O23 - Service: OracleOraHome92HTTPServer - Unknown owner - E:\oracle\ora92\Apache\Apache\apache.exe" --ntservice (file missing)
    O23 - Service: restore - Unknown owner - C:\WINNT\restore.exe (file missing)
    O23 - Service: AntiSpyUltra (Zonelaps) - Unknown owner - C:\WINNT\vsmom.exe (file missing)

    Now click on the Fix Checked button in HJT. Exit HJT.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
    Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    XP/ME only: Delete ALL files from C:\WINDOWS\Prefetch.
    Boot normal.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...