Help!!! I think my system is full of viruses

[nemishdmehta]

Hi guys

sorry for posting it as azip file but whenever i was trying to upload the file as a txt attachment it was giving me an error saying "The page you are looking for might have been removed, had its name changed, or is temporarily unavailable".

I think my system is full of viruses, and that is why the systems performance is going down by the day, so plz help asap.

I have attached the hjt log file plz have a look

 

[RealBlackStuff]

Try these:
http://uk.trendmicro-europe.com/consumer/products/housecall_launch.php

http://www.pandasoftware.com/activescan/com/activescan_principal.htm



Follow these instructions EXACTLY and put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!.
Read: How to remove Begin2Search/Coolwebsearch and Other Nasties

Read: How to remove Trojans and its ilk!

Then Read: How to post your Hijackthis log-files as an attachment.

 

[nemishdmehta]

thanks, for the reply, i will post the hjt log file as soon as i complete scanning

 

[nemishdmehta]

hi

I am attaching my hjt log file after the following the steps u have told me to follow

 

[RealBlackStuff]

Boot in Safe Mode. Run HJT and place a tick-mark in the little square before:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.100:80
O8 - Extra context menu item: Download Links As... - file://C:\WINNT\system32\page.htm
O8 - Extra context menu item: Download Target(s) As... - file://C:\WINNT\system32\link.htm
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
Fix ALL your O16 - DPF: entries
Unless these IP-numbers are from your ISP, fix these O17s
O17 - HKLM\System\CCS\Services\Tcpip\..\{118093F0-72CC-4F61-BF91-DCCC49D67937}: NameServer = 203.197.12.60,202.54.1.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{118093F0-72CC-4F61-BF91-DCCC49D67937}: NameServer = 203.197.12.60,202.54.1.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{118093F0-72CC-4F61-BF91-DCCC49D67937}: NameServer = 203.197.12.60,202.54.1.10
O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINNT\msstl.exe (file missing)
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - E:\oracle\ora92\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: restore - Unknown owner - C:\WINNT\restore.exe (file missing)
O23 - Service: AntiSpyUltra (Zonelaps) - Unknown owner - C:\WINNT\vsmom.exe (file missing)

Now click on the Fix Checked button in HJT. Exit HJT.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
XP/ME only: Delete ALL files from C:\WINDOWS\Prefetch.
Boot normal.