HijackThis logfile

Status
Not open for further replies.
[Edit: updated hijackthis log file]
Hi all

After 1 year of misuse (my younger brothers' and sisters' computer) it's time to clean (or at least try to) this system!

I'm currently following the "cleaning guide" in this forum, and here is a hijackthis logfile for you :)

I have already removed an extremely nasty rootkit infection which almost caused me to give up and format the disk: Backdoor.Rustock.B

Great guide btw!!

Thanks in advance

[Edit]
Following removers executed:

AdAware
AVG Anti-rootkit
AVG Antispyware
AVG Antivirus (Full system scan)
Combofix
CrapCleaner
Error Killer
Look2Me Destroyer
SmitFraudFix 2.188
Spybot S&D
Spyware Dr
Virtual Be Gone
Vundofix

[/Edit]

/Mikael
 
Hi and welcome to TechSpot.

Run HijackThis and scan with it. Place a check in the box next to the following entries (if there):

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O21 - SSODL: siren.dll - {72817324-5351-131a-57ed-92d682644311} - (no file)

Click the Fix Checked button and then close HijackThis.

Now go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

Regards :)

This thread is for the use of mystiqu only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
New log files

Hi - Thanks for the reply!

I have followed all the steps and attached new log files from hjt, avg antispyware and combofix.

AVG anti-rootkit did not find anything.

Regards
Mikael
 

Attachments

  • ComboFix_2007-05-27_2033.txt (6.7 KB)
  • ComboFix-quarantined-files.txt (968 bytes)
  • hijackthis.log (6.1 KB)

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following files:
C:\WINDOWS\system32\Partizan.exe
C:\dumdvdkernl.sys
C:\WINDOWS\system32\lttdll.dll
C:\WINDOWS\system32\pureplug.dll
C:\WINDOWS\system32\lttusb.dll

* Click Open
* Please let me know the results.
 
So far so good

Hi - sorry for the late reply!

But here are the results:

C:\WINDOWS\system32\Partizan.exe : Nothing Found
C:\dumdvdkernl.sys : Nothing Found
C:\WINDOWS\system32\lttdll.dll : Nothing Found
C:\WINDOWS\system32\pureplug.dll : Nothing Found
C:\WINDOWS\system32\lttusb.dll : Nothing Found

So far so good - anything else you want me to do?

Btw, thanks for all the help! :)


Regards
Mikael
 
Please have Jotti check the following file yet:

C:\WINDOWS\system32\reboot.exe

Let me know what you find out on that. If that's good, your system is clean.

Regards :)
 
Clean and 100 times faster

Hi

The file was clean :)

Btw - The computer is about 100 times faster and more responsive now than it was a few days ago... feels like I just reinstalled Windows or something :)

Thanks for all the help!

Regards
Mikael
 
No problem mate. :)

Have HijackThis fix the following inactive entry yet:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Turn off system restore (XP/ME only). See how HERE
This will remove all the remaining nasties from your old restore points.

Now turn system restore back on.
This will create a new safe and clean restore point for your system.

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article. This can help to prevent future infections.

Regards :)

 