My HijackThis log - help please

[davidw9785]

Hey guys, attached is my HJT log along with my ComboFix log (the AVG Antispyware log was too large to attach in one file. Please let me know if I need to attach it in multiple .txt files). Are there any problems that need fixing? how do I go about fixing them?

(Note: since following the instructions and using the multiple antivirus and antispyware programs I no longer have the annoying system tray icon "System Alert!")

Are there still problems that have not been dealt with yet?

Thank you very much,
Dave

 

[howard_hopkinso]

Hello and welcome to Techspot.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Viewpoint
Viewpoint Manager
Video Access ActiveX Object

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ALCMTR.EXE
ViewMgr.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Video Access ActiveX Object<Delete the entire folder.
C:\windows\ALCMTR.EXE
C:\Program Files\Viewpoint<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Go HERE and follow the instructions for running the Ccleaner programme in step9.

Run another AVG Antispyware scan as per the instructions in the above link.

Attach a fresh HJT log as well as the AVG Antispyware log.

Let me know the results of the AVG Antirootkit scan, instructions are in the above link.

Regards Howard :wave: :wave:

This thread is for the use of davidw9785 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[davidw9785]

Thanks Howard,

I've done what you said. AVG Anti-Rootkit didn't find anything.

Attached are the new HJT log file and the AVG Anti-Spyware log file.

Again, thanks for your help,
Dave

 

[howard_hopkinso]

Click start/run and type cmd into the run box.

At the command prompt, copy and paste the following and press the enter key.

del \\?\c:\recycler\nprotect\*.*

Follow the prompts, then type exit and press the enter key.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

Run a fresh AVG Antispyware scan and attach the log, only if it finds anything.

Regards Howard

This thread is for the use of davidw9785 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[davidw9785]

Thanks for your continued help Howard. I did as you said, but Avenger didn't find the ActiveX object. The Avenger log file is attached as well as the HijackThis log.

The AVG Antispyware scan found a lot (53) of tracking cookies but no serious threats. Tranking cookies aren't anything to be worried about are they? I attached the scan log anyway.

Thanks again,
Dave

 

[howard_hopkinso]

Your HJT log is clean.

Tracking cookies are not something you should be unduly worried about.

Run the Ccleaner programme as per step9 of the instructions HERE.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of davidw9785 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[davidw9785]

Howard, thanks so much. You have been a tremendous help and I really appreciate it.

Cheers,
Dave

 

[davidw9785]

Hi again Howard. I think my system has been infected with a new virus. I've been getting IE pop-up ads. I've followed the instructions and attached my HJT log as well as combofix and AVG Antispyware logs. Your help is much appreciated.

Thanks,
Dave

 

[momok]

Hi,

You are running an outdated version of HijackThis.

Please go to this thread HERE.

I also noticed that your AVG log displays 'No Action Taken' for all the files detected.

I suggest you run AVG again and quarantine the files. Pictorial instructions HERE.

You may wish to copy and paste these instructions on notepad for easier reference later.

Download the Pocket Killbox from HERE. Extract it but don`t run it yet.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Go to start > run and type services.msc. Press the enter key.
Search for the following services(if there) double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

InfoData

Open your task manager by pressing holding ctrl, alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:

slpbnaxt.dll

After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\slpbnaxt.dll",realset

Close HJT.

Run the killbox program which you downloaded. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. (You can copy and paste the filepaths)

C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\pmnnm.dll.vir
C:\WINDOWS\system32\slpbnaxt.dll
C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\khfggdb.dll.vir

Reboot into normal mode and rehide your protected OS files.

Also, I would like you to visit this link http://virusscan.jotti.org/

Click the Browse... button and navigate to the following file:
C:\WINDOWS\system32\uninstallelectricsheep.exe
Click Open

Please let me know the results.

Thereafter, please post a fresh HJT and AVG Antispyware log from normal mode as an attachment into this thread.


Regards,
Your friendly Momok =)

This thread is for the use of davidw8795 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[howard_hopkinso]

Hi momok.

The following files are all part of Smitfraud fix and are not malicious. If you download and run Smitfraudfix, you will find all these files in the Smifraudfix folder. There are a total of 13 files in that folder

C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\SrchSTS.exe

Regards Howard

This thread is for the use of davidw8795 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[davidw9785]

Hi Momok, I've followed your instructions and attached an AVG Antispyware log as well as a fresh HJT log.
I was not able to find InfoData in the services list nor was slpbnaxt.dll found in task manager. But I did fix the entry you listed in HijakThis.
As far the file you told me to look up, it is not a virus. Ive copied the results from the jotti scan and attached them as a file in case you want to see them.

Thanks,
Dave

***My ComboFix log is now attached***

 

[howard_hopkinso]

Your HJT log is clean mate.

Run the Ccleaner programme as per step9 of these instructions.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of davidw9785 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[momok]

Hi,

Your HijackThis log look clean.

Sorry, I realised I hadn't asked you to post a ComboFix log too. Could you post a fresh one from normal mode? Just edit your post will do.

Regards,
Your friendly Momok =)

This thread is for the use of davidw9785 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[davidw9785]

Combofix log is posted ^^

 

[momok]

Hi,

Your logs are very clean =)

You'd do well to follow Howard's instructions on system restore. After that you're good to go.


Regards,
Your friendly Momok =)

This thread is for the use of davidw9785 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[davidw9785]

Ahhh, that's great to hear. Thanks for your help

Dave