cmd is not a win32 application

Status
Not open for further replies.

sirish007

When I type 'cmd' in my run I am getting an error "cmd is not a win32 application".
Please tell me what to do. I will be waiting for your reply.
Thanks in advance.
MY LOG FILE:-

Please use proper thread titles from now on. Thanks.
 
Hi,

You are running an outdated version of HijackThis.

Please go to this thread HERE.
Please post your HijackThis log as an attachment to this thread. Do not copy and paste, otherwise it will be ignored and/or removed by the moderators.


Regards,
Your friendly Momok =)
 
Your system has some very nasty infections and you're running an outdated version of HijackThis.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :)

This thread is for the use of sirish007 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
new log file

I don't want to format my computer... I just want to remove the virus or malware from it.
Here is my new log file, please help me soon. Nowadays my web browser is encountering an error and I have no option except to shut it down and open it again.
 
Ok, no problem.

You need to follow all the instructions, then post all the requested logfiles. I have therefore removed your HJT log so that you can post a fresh HJT log after you've completed the instructions.

Regards Howard :)

 
Combofix is perfectly safe. The article you link to has obviously gotten the wrong end of the stick. Combofix was the object of a rootkit attack that had the potential to cause a user's system to have its hard drive wiped. The author of Combofix pulled it from public use until he found a fix for the problem. See this thread HERE for further info.

Post all the requested logfiles.

Regards Howard :)

 
After using Combofix my run is working properly.
Here are my new log files, tell me if there are any viruses or malware.
Presently I am using Trend Micro. Will I have any problem... if I use AVG and Trend Micro simultaneously?
 
You should never run more than one antivirus programme as it can cause serious conflicts.

All items in your AVG Antispyware log say "Ignored". That's because you haven't told AVG Antispyware to quarantine its results as per the instructions. See this pictorial guide.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

save
DAP
DAEMON Tools SearchBar

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Windows Update
msconfig
icq lite
Update Checker
AntiVir
[]
Power Manager (PowerManager)<Disable the service name and/or the name in brackets.

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

Save.exe
scvhost.exe<Not to be confused with svchost.exe
Search.exe
PowerReg Scheduler V3.exe
Update.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.255.64.150:80

R3 - URLSearchHook: (no name) - - (no file)

F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe

F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe

O1 - Hosts: 203.27.235.25 www.payseal.icicibank.com

O1 - Hosts: 210.210.19.82 www.sifymall.com

O2 - BHO: (no name) - {43298275-B5EB-440D-89AA-BD431033F2C6} - C:\WINDOWS\system32\PortablfDeviceClassExtension.dll (file missing)

O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\DAEMON Tools SearchBar\search.dll

O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\PCODEC\iesplugin.dll (file missing)

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\PROGRA~1\DAP\dapiebar.dll (file missing)

O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\Run: [{7CE8BB7F-0B76-1033-1110-050716040001}] "C:\Program Files\Common Files\{7CE8BB7F-0B76-1033-1110-050716040001}\Update.exe" mc-110-12-0000137

O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\RunOnce: [msconfig] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\RunOnce: [icq lite] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\RunOnce: [Update Checker] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\RunOnce: [AntiVir] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\RunOnce: [] C:\WINDOWS\scvhost.exe

O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O4 - Startup: PowerReg Scheduler V3.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Dictionary - http://files.db3nf.com/scripts/ie.htm

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there), only in these locations.

C:\WINDOWS\svchost.exe

PowerReg Scheduler V3.exe<Search your system for this file and delete all instances found.

C:\Program Files\Save<Delete the entire folder.

C:\WINDOWS\scvhost.exe

C:\Program Files\Common Files\{7CE8BB7F-0B76-1033-1110-050716040001}<Delete the entire folder.

D:\PROGRA~1\DAP<Delete the entire folder.

C:\Program Files\DAEMON Tools SearchBar<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post fresh AVG Antispyware and HJT logs.

Regards Howard :)

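The fix lists in this thread show two masquerading patterns: a look-alike file name (`scvhost.exe`) and a genuine system file name in the wrong folder (`C:\WINDOWS\svchost.exe`, `C:\WINDOWS\system32\dlg\ctfmon.exe`). The sketch below is an added example, not part of any post and not a HijackThis feature, that flags both patterns in HijackThis-style lines; the expected-directory table and the function names are assumptions made for the illustration.

```python
import re
from ntpath import basename, dirname

# Default homes of a few Windows system binaries. Assumption: Windows lives
# in C:\WINDOWS, as in the log entries quoted in this thread.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# First drive-letter path ending in .exe on a HijackThis line.
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.exe)', re.IGNORECASE)

def edit_distance(a, b):
    # Optimal string alignment distance: an adjacent-letter swap costs 1.
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(line):
    # Returns "lookalike-name", "wrong-directory" or None (nothing flagged).
    m = EXE_PATH.search(line)
    if not m:
        return None
    path = m.group(1).lower()
    name, folder = basename(path), dirname(path)
    if name in EXPECTED_DIR:
        return None if folder == EXPECTED_DIR[name] else "wrong-directory"
    if any(edit_distance(name, good) == 1 for good in EXPECTED_DIR):
        return "lookalike-name"
    return None

def scan(lines):
    # Keep only the flagged lines, paired with their verdict.
    return [(verdict, line) for line in lines if (verdict := classify(line))]

# Entries taken from the fix lists in this thread; the last line is constructed.
SAMPLE = [
    r"O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe",
    r"O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)",
    r"O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe",
    r"O4 - HKLM\..\Run: [KIT3] C:\WINDOWS\system32\spool\hpprintqueue.exe",
    r"O23 - Service: Constructed Example - Unknown owner - C:\WINDOWS\system32\svchost.exe",
]
```

A line that is not flagged is not thereby clean: `hpprintqueue.exe` passes this check yet is on the removal list above, so the check only narrows down what to look at first.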
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Delete all files in AVG Antispyware quarantine.

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

IEInspector
HTTPAnalyzerStdV2

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

HttpAnalyzer CodeHook service
Power Manager (PowerManager)<Disable the service name and/or the name in brackets.

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

InjectWinSockServiceV2.exe
hpprintqueue.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.255.64.150:80

O4 - HKLM\..\Run: [KIT3] C:\WINDOWS\system32\spool\hpprintqueue.exe

O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe

O23 - Service: HttpAnalyzer CodeHook service (HttpAnalyzer DllInjectService) - Unknown owner - C:\Program Files\IEInspector\HTTPAnalyzerStdV2\InjectWinSockServiceV2.exe

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\WINDOWS\svchost.exe
C:\Program Files\IEInspector<Delete the entire folder.
C:\WINDOWS\system32\spool\hpprintqueue.exe
C:\WINDOWS\system32\ccrpbds6.dll
C:\WINDOWS\system32\msfDX.dll
C:\WINDOWS\system32\fxtls532.dll

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)
