
viruses or something

Discussion in 'Virus and Malware Removal' started by darkwolfang, Jun 9, 2006.

  1. darkwolfang Newcomer, in training

    I think I have viruses or something. I don't know much about HJT logs, but here is mine; I don't know if I did it right or not (I'm not that technical). I've downloaded Ad-Aware SE, Spybot Search and Destroy, Ewido and free virus scan things, also ZoneAlarm. I used its virus scanner, got one, it said it got it and it did, and everything was working fine... but it came back. Now the free online virus scanners say I have this >Trojan-Downloader.BAT.Ftp.ab and this < or something.. I don't know how to get rid of it or whatever's causing my internet to slow down. Telling me what's wrong and what I need to do would be much appreciated, ty in advance.
  2. fastco Newcomer, in training Posts: 1,511

  3. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    IRC Client

    Close the services window.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    updated.exe
    Scheduler.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

    O4 - HKLM\..\RunServices: [IRC Client] updated.exe

    O4 - HKCU\..\Run: [IRC Client] updated.exe

    O4 - Startup: PowerReg Scheduler.exe

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{01E6BFDA-8E19-441E-B9F7-7AB0D8959890}: NameServer = 205.171.3.65 205.171.2.65
    O17 - HKLM\System\CS1\Services\Tcpip\..\{01E6BFDA-8E19-441E-B9F7-7AB0D8959890}: NameServer = 205.171.3.65 205.171.2.65

    Only fix these O17 entries if they don't belong to your ISP.

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    updated.exe

    Reboot into normal mode and turn system restore back on.


    Regards Howard :wave: :wave:

    Sorry fastco. Our posts have obviously crossed.
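
Added example, not part of Howard's post and not HijackThis code: a small triage of the O4, O17 and O18 lines listed above, applying the post's rule that O17 NameServer entries are fixed only when they do not belong to your ISP. The names `triage`, `suspect_files` and `isp_resolvers` are hypothetical, and the resolver list is something you supply from your ISP's documentation.

```python
import ipaddress
import re

# Constructed sample: HJT entries copied from the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\RunServices: [IRC Client] updated.exe
O4 - HKCU\..\Run: [IRC Client] updated.exe
O4 - Startup: PowerReg Scheduler.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{01E6BFDA-8E19-441E-B9F7-7AB0D8959890}: NameServer = 205.171.3.65 205.171.2.65
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")   # "O4 - rest of entry"
O4_RE = re.compile(r"^(?P<where>[^:]+):\s*(?:\[(?P<name>[^\]]*)\]\s*)?(?P<cmd>.+)$")
O17_RE = re.compile(r"NameServer\s*=\s*(?P<ips>.+)$")

def triage(log_text, suspect_files, isp_resolvers):
    """Return (section, verdict, detail) for autostart, DNS and protocol entries."""
    suspects = {s.lower() for s in suspect_files}
    trusted = {ipaddress.ip_address(ip) for ip in isp_resolvers}
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        section, body = m.groups()
        if section == "O4" and (o4 := O4_RE.match(body)):
            # O4 = autostart entry; match file names regardless of path or quoting.
            tokens = set(re.split(r'[\\\s"]+', o4["cmd"].lower()))
            verdict = "fix" if suspects & tokens else "review"
            findings.append((section, verdict, f'{o4["where"]} -> {o4["cmd"]}'))
        elif section == "O17" and (o17 := O17_RE.search(body)):
            # O17 = DNS NameServer setting; judge each address on its own.
            for token in re.split(r"[,\s]+", o17["ips"].strip()):
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    findings.append((section, "review", f"unparsable: {token}"))
                    continue
                # With no ISP list supplied, nothing can be judged: ask for review.
                verdict = "keep" if ip in trusted else ("fix" if trusted else "review")
                findings.append((section, verdict, str(ip)))
        elif section == "O18" and body.endswith("(file missing)"):
            findings.append((section, "fix", "protocol handler DLL missing"))
    return findings
```

Call it as `triage(log_text, ["updated.exe", "Scheduler.exe"], your_isp_resolvers)`; anything marked "review" still needs a human decision before it is ticked in HJT.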
  4. darkwolfang Newcomer, in training

    ty, I'll try that and tell ya how it went
  5. darkwolfang Newcomer, in training

    virus check

    Could you check if I got rid of all the nasties? If not, could you help... ty in advance
  6. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Your HJT log is now clean.

    You are running a completely unpatched version of Windows.

    Now would be a good time to install one of the Windows service packs. At least SP1 and preferably SP2. Otherwise your security is likely to be compromised again, sooner rather than later.

    Regards Howard :)