Is my system clean?

By Zalemam · 19 replies
Dec 7, 2008
  1. Hey, I hope you guys can help me with this problem.
    I'm having a problem where I can't log in to Gmail, Facebook, Hotmail, Yahoo or anything like that. After hours of searching the internet I think that I have some type of virus in my PC and I'm not sure what it is. It's really frustrating; if anyone can help me it would be much appreciated.

    I have uploaded my HijackThis log if it helps...

    Thank You
    Zaid Alemam

    I forgot to add this piece of information.
    I had the Zlob trojan on my PC and I got rid of it yesterday. After I got rid of the virus I was not able to log into Gmail or Hotmail, Facebook etc... basically anything that needed an email and password.

    attached SAS


  2. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    no help????:confused:
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You left out one of the most important malware cleaning programs: Malwarebytes. We need that to remove more of what SAS found.

    Please follow the Steps here:

    You have a great many Tracking Cookies: have SAS remove them.
    Reset Cookies:
    Please advise: have you set an Internet Explorer homepage as a blank page?
    Please reopen HijackThis and CHECK the boxes by the following:
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot.

    You must also decide whether you want to run the Kaspersky Internet Security or Symantec processes. You should not have both. If you are through with Symantec, the Services need to be disabled and the Norton Removal Tool applied. A Service loading for Symantec:
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    And please be patient. There are way more people with infected systems than there are volunteer helpers. We do the best we can. I will go through all three logs when you have finished. We will have additional changes to make.
  4. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    Ok, thank you. I will get started on it tomorrow and post up new logs. I appreciate your help.
  5. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    Downloaded and Installed, ran full scan

    Reset Cookies and installed adblocking to Firefox

    I have not set it to blank page my IE doesn't work...

    Checked and fixed...log has been attached.

    Uninstalled Symantec.

    Scanned with Malwarebytes-Log Attached
    Scanned with SAS-Log Attached
    Scanned with HijackThis-Log Attached

    I think my pc is clean now...Facebook, Gmail, Hotmail Etc... all working now.
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    -> No action taken on MBAM scan, for found issues
    Please re-run Malwarebytes
    Confirm updated (third tab)
    Then do the above quoted message, but this time "Remove all found issues"
  7. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    It wouldn't let me update anything because it was blocked off from the internet; once it cleaned a couple of things I was able to update it. I will post a new log tomorrow.
  8. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    how does it look now??
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Better this time :grinthumb
    Actually if you update it, and run it again, it will find the ones that were hidden too :)
    I'd do it
  10. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    I was able to update it; scanning right now.
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    When Mbam is finished, scan with SuperAntispyware and HijackThis again- attach all three logs.

    You have way too many Services starting automatically. I have made a list from the first HijackThis logs and will go over them after seeing the new logs.

    You have multiple malware infections. We need to make sure we're finding and removing them all.
  12. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    Ok, I updated Mbam and SAS.
    Ran full scans with both programs.
    Finally ran HijackThis.
    And the results.....
  13. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Other than stacks of startups (I have one, you have 27 startups, and this is not including startup services!)

    There is no Malware as such

    You may want to have a look at Startup Control Panel to remove some of those unnecessary startups
    Or re-open HJT and tick any O4 entry that you just don't want starting with your computer, then remove them, or un-install the application (ie Ad-aware; Daemon tools etc etc)

    It's also very difficult to read logs like these too, the log is just too big.
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Okay, let's get the Cookies under control:
    Have SAS remove the Tracking Cookies: Click on lower left image here to see what to check:

    Reset Cookies in Firefox:
    Please get the following add-ons for Firefox:
    AdBlock Plus:
    Easy List: (get all three)

    Easy List is a filter that works with ADP. It will block the tracking Cookies.

    You should also check in IE: Tools> Internet Options> Security tab> Trusted zone> Sites> remove either of the following from the Sites in the Trusted Zone:

    Now go to Restricted Sites> Sites and type each of these in and Add:

    Regarding your Startups: The ONLY processes that need to start on boot are the antivirus, firewall and touchpad if on laptop. All else, including printer, can be started manually when needed. I only have 3: the AV, touchpad and network process.

    You also have way too many Services set to Automatic. Only a few need this setting. Most can be set to Manual to only start when needed and some can be disabled. Use the following site for reference and see if you can stop some of them from starting on boot. When you work on the services, it's best done in Safe Mode. ALWAYS check the Dependency tab for any other Services that may need to be running:

    Regarding Startups and services set to Automatic: the reason we suggest minimizing these is because the fewer connections you have to the internet, the safer you are. When programs startup and check for updates, they connect every time.

    I'm not real pleased with the Mbam log as it shows you picked up new and different malware on the second run. While it was removed, it means you still have a security problem.
  15. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    First of all, nicely done Bobbye.

    Just a note on MBAM detections: those may have been picked up if they updated the definitions prior to the latest scan.

    Also, before stating the OP is clean, how about looking a little deeper in the registry or at least doing an online scan?
  16. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    I got the Adblock Plus and I'm gonna run another scan in a moment.

    That's the problem, I don't know what I should disable and what I should keep running.
  17. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    This will do for a start!
  18. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    Scanned again with SAS
  19. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Alright, you are running in circles.

    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

    Combofix will automatically save the log file to C:\combofix.txt
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Thank you Blind Dragon and Kimsland for your assistance.

    Zalemam, when you have finished with Combo Fix, since you have Kaspersky, let's do an online scan using BitDefender. Please download from here>
    Save> then run the scan. Let us know the results.

    When you have finished running the additional programs and want to pare down the startup:
    The ONLY process that needs to be checked is for Kaspersky:
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

    And this Service needs to stay on Automatic:
    O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

    ALL of the following O23 Services showing can be reset to Manual: Boot into Safe Mode:
    Start> Run> Services.msc> right click on each of the following> Properties> Change Startup to Manual:

    A NOTE on changing Service Startup types: ALWAYS check the Dependency tab. This is why it's best to make changes in Safe Mode. Some Services need other Services running to start- that's what the Dependency tab is for. Take your time, be sure any Dependent Services are set to at least Manual for Services that are set to Automatic. When you change to Manual, the Dependent Services can also be set to Manual.

    Another NOTE: Changing a Service Startup type to Manual means it will start when needed, rather than at boot (if not needed). Services set to Automatic will start on boot and run in the background. One of your Services, stllssvr - (SureThing Shared), for instance is for CD labeling. You don't need that running in the background- only when you want to make the label.

    I am uncertain about the following Services. There is a down-loadable program called Browser defender that uses the Firebird Guardian database and server. Whether these Services need to automatically start on boot is uncertain:
    Hopefully I haven't thrown too much at you at one time! So many people don't realize that virtually everything puts itself on startup automatically and that most Services come set to Automatic. But both areas can be customized to save startup time, increase surf time and shorten shutdown time. I usually have some very happy campers once these areas have been handled.
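The O23 service review discussed in the posts above can be scripted for large logs. This is an added example, not code from the thread or from HijackThis: it assumes the `O23 - Service: name - company - path` layout seen in the quoted lines, and `parse_o23`, `triage`, the `keep_automatic` list and the "review" rule (file missing or unknown owner) are hypothetical names and choices made for illustration.

```python
import re
from collections import namedtuple

# Constructed sample: O23 lines modelled on the entries quoted in this thread,
# plus one line truncated on purpose to exercise the damaged-line path.
SAMPLE_LOG = r"""
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation
"""

Service = namedtuple("Service", "name company path file_missing")
PREFIX, MISSING = "O23 - Service: ", " (file missing)"
SHORT_NAME = re.compile(r"\(([^()]+)\)$")   # e.g. "(avp)" closing the display name

def parse_o23(line):
    """Return a Service for a well-formed O23 line, or None if it is damaged."""
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):].rstrip()
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)]
    parts = [p.strip() for p in body.rsplit(" - ", 2)]  # split from the right
    if len(parts) != 3 or not re.match(r"[A-Za-z]:\\", parts[2]):
        return None
    display, company, path = parts
    m = SHORT_NAME.search(display)
    return Service(m.group(1) if m else display, company, path, missing)

def triage(log_text, keep_automatic=("avp",)):
    """Bucket service entries: keep on Automatic, review, set to Manual, unparsed."""
    result = {"keep": [], "review": [], "manual": [], "unparsed": []}
    for line in (l.strip() for l in log_text.splitlines()):
        if "- Service:" not in line:
            continue                      # not a service entry (O2, O4, ...)
        svc = parse_o23(line)
        if svc is None:
            result["unparsed"].append(line)
        elif svc.file_missing or svc.company.lower() == "unknown owner":
            result["review"].append(svc.name)   # orphaned entry or no vendor info
        elif svc.name in keep_automatic:
            result["keep"].append(svc.name)
        else:
            result["manual"].append(svc.name)
    return result
```

The script only reads the log and sorts entries; any change to a service's startup type is still made by hand in Services.msc after checking the Dependency tab.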
Topic Status:
Not open for further replies.
