I've got infected

Status
Not open for further replies.

Cool Buddy

Wise Old Owl
I'm getting the following error whenever I use the up button in windows explorer:

Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted.
This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!

Click OK to download the antispyware. (Recommended)

How to remove this? ESET is not detecting any viruses in the PC though it's updated.
 
It is not a virus... it's spyware.
Download And Install spybot Search and Destroy and scan your PC.
Here is the link:
*www.filehippo.com/download_spybot_search_destroy/
ESET NOD32 is only for viruses....
 
The attachment system is not working on this forum. Just copy paste the report in your post.
And I'm saying it's not a virus. Refer to my earlier post for Downloading Spybot. Install it and update it. Run the scan and you are clean :)
 

red_devil

Back!
Code:
	Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:23, on 06/11/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/Documents/homepage/homepage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0575D86E-C7A3-476B-9DC1-A5CB1818E750} - (no file)
O2 - BHO: (no name) - {05F90A2A-CB4C-4471-AD98-BF0A42D1320D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2230922E-4186-4E48-B611-A08673AB4B68} - (no file)
O2 - BHO: (no name) - {24761BF2-A4B8-43D4-B7F7-3872C77C59EE} - (no file)
O2 - BHO: (no name) - {2A2909FB-3224-470E-98E1-655E1FCF2307} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {3B1901EC-81CC-465C-8244-96ED1E24C532} - (no file)
O2 - BHO: (no name) - {3eed9ae9-da9b-4a7e-aed6-d96ff2a910c1} - (no file)
O2 - BHO: (no name) - {44A8C575-EB57-4AC0-9F71-6C1A0F7F58B1} - (no file)
O2 - BHO: (no name) - {4596DFB1-7667-4015-AEBB-6F48A35FB57C} - (no file)
O2 - BHO: (no name) - {5150765B-B59C-4AFF-B61E-8765EF96D7FE} - (no file)
O2 - BHO: (no name) - {5AC08AC9-142A-44BB-ABB7-1FDBED8196E2} - (no file)
O2 - BHO: (no name) - {67B3CF57-27B1-4FB1-AC67-9A2F9B8A416E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8D627E35-2C36-486C-BB30-EB5B4D9E3764} - (no file)
O2 - BHO: (no name) - {91441E15-A316-44BB-93FB-7357A8400602} - (no file)
O2 - BHO: (no name) - {A1364832-FEDB-4F07-AB00-54A3C343242C} - (no file)
O2 - BHO: (no name) - {A3518572-C340-49B6-9D41-D7999D6EF48E} - (no file)
O2 - BHO: (no name) - {B94D8523-0D7D-4288-92ED-F0ADAC3FADE4} - (no file)
O2 - BHO: (no name) - {cb6655ec-942d-45fb-a274-5acfa4216db0} - (no file)
O2 - BHO: {ef060590-da11-d83b-e744-d2409faef01d} - {d10feaf9-042d-447e-b38d-11ad095060fe} - (no file)
O2 - BHO: (no name) - {D8A04310-E60B-4DD0-96F3-06AED4D6C75E} - (no file)
O2 - BHO: JurToolbar - {DEE7B1F7-A014-477C-B0C5-23A51AA81DB5} - C:\WINDOWS\system32\hhahgxda.dll
O2 - BHO: (no name) - {DFF27B76-89A4-4ACD-A798-C315E990D77C} - (no file)
O2 - BHO: (no name) - {E44D2101-8C56-47D7-A648-86EDC4B445CE} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: potgic.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Apache Tomcat Tomcat6 (Tomcat6) - Apache Software Foundation - D:\xampplite\tomcat\bin\tomcat6.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 8430 bytes

@thewisecrab, that's his log file.. {the attachment system worked fine for me.. }

i'm no expert with all these Hijackthis logs but that appears clean to me ...

{ some expert please find out if there is anything suspicious and please point it out here... hope to learn from you guys }
 

mrintech

Technomancer
dude frankly scan your computer with following tools:

* Super AntiSpyware: *www.superantispyware.com/download.html
* a-Squared: *www.emsisoft.com/en/software/free/

I bet you your problem will be immediately solved if this is a spyware/virus attack.

Run full system scan with latest updates
 

Quiz_Master

* Teh Flirt King *
@n6300 You are infected with adware. (I mean your pc :p ). The message you see is actually an advertisement. The cause is you have some weird toolbars installed. (JurJooToolbar and ArcoIEHelper). See the log?

Download and Install Spybot Search and destroy from here: *www.spybot.com/en/mirrors/index.html
Then Download Its Updates From Here : *www.spybotupdates.biz/updates/files/spybotsd_includes.exe And Install it.

Do a scan of your PC in safe mode. This will remove the Adware.

Do let us know if you solve the problem :)
 

mrintech

Technomancer
@n6300 You are infected with adware. (I mean your pc :p ). The message you see is actually an advertisement. The cause is you have some weird toolbars installed. (JurJooToolbar and ArcoIEHelper). See the log?

Download and Install Spybot Search and destroy from here: *www.spybot.com/en/mirrors/index.html
Then Download Its Updates From Here : *www.spybotupdates.biz/updates/files/spybotsd_includes.exe And Install it.

Do a scan of your PC in safe mode. This will remove the Adware.

Do let us know if you solve the problem :)

dude frankly speaking Spybot S & D has lost its charm, though it was the king back in 2006-2007.

Wanna proof? Read: *www.techsupportalert.com/best-free-adware-spyware-scumware-remover.htm

superantispyware literally ROCKZ

Try it ;)
 

Cool Buddy

Wise Old Owl
I scanned my PC with spybot, did remove a few infections, but problem persists.
Tried Advanced spyware remover free, removed 2 infections, still the problem persists.
Tried super antispyware, removed 2 infections but the problem persists.
Tried adaware 2008, crashes in between the scan.
Thanks everyone for the help. I think I'll reinstall windows.
 

toofan

Technomancer
download combofix.exe. search for it in google. use it . first stop your antivirus.
secondly do a boot time scan of your system ( I use avast it has this setting) with antivirus and spybot search and destroy.

this will surely help you.
 

mrintech

Technomancer
if you have fast internet connection then go for Kaspersky online scan: *www.kaspersky.com/virusscanner

No need to worry ;)
 

red_devil

Back!
@n6300 You are infected with adware. (I mean your pc :p ). The message you see is actually an advertisement. The cause is you have some weird toolbars installed. (JurJooToolbar and ArcoIEHelper). See the log?

i'm not the one who is infected { nor is my PC :p}... i just put the hijackthis log file of the thread starter in my post cos someone before me said the attachment system isn't working !!
 

Cool Buddy

Wise Old Owl
Spyware Terminator is not working either. I hope XP SP3 will be better in tackling malware, I have got a fresh copy.
 

ubersoldat

Deadly Creature Me!
Hi,

U can use PC Tools Threatfire to wipe out all the Spyware and Viruses. Also try using Windows Defender with an updated version.

U can try the following steps. Pls backup the Registry and Delete the following keys.
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\LClock\LClock.exe

O2 - BHO: JurToolbar - {DEE7B1F7-A014-477C-B0C5-23A51AA81DB5} - C:\WINDOWS\system32\hhahgxda.dll

Also, delete the entries with (no name) and (no file) generated by HijackThis. Ex:
O2 - BHO: (no name) - {cb6655ec-942d-45fb-a274-5acfa4216db0} - (no file)

Try to fix registry errors using Tune-Up utilities Registry Cleaner. I suspect u used some crack file, so the problem of Spyware has arisen.

Bye

@Quiz Master . ArcoIEHelper (AcroIEHelper) from Adobe is a BHO for displaying PDFs in Internet Explorer I guess. It's not a spyware. :D
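
Added example, not written by any poster in this thread: a Python triage pass over HijackThis entries of the kinds discussed above, run on a few lines copied from the posted log. The review heuristics (orphaned `(no file)` BHOs, a BHO DLL sitting directly in system32, any O10 entry, a non-empty O20 AppInit_DLLs value) are assumptions chosen for illustration; a flag means "inspect this entry", not "malicious".

```python
import re

# Constructed sample: a few entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {cb6655ec-942d-45fb-a274-5acfa4216db0} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: JurToolbar - {DEE7B1F7-A014-477C-B0C5-23A51AA81DB5} - C:\WINDOWS\system32\hhahgxda.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: potgic.dll
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..." or "O20 - AppInit_DLLs: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")

def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, blank line
        code, body = m["code"], m["body"]
        if code == "O2":
            b = BHO.match(body)
            if not b:
                continue
            path = b["file"].lower()
            if path == "(no file)":
                # Registry key left behind; the DLL it pointed to is gone.
                findings.append((code, "orphaned BHO registration", b["clsid"]))
            elif re.fullmatch(r"c:\\windows\\system32\\[^\\]+\.dll", path):
                # Assumed heuristic: vendor BHOs usually live under Program Files.
                findings.append((code, "BHO DLL loaded from system32", b["file"]))
        elif code == "O10":
            findings.append((code, "Winsock LSP change", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:  # DLLs listed here load into every process that loads user32.dll
                findings.append((code, "AppInit_DLLs is not empty", dlls))
    return findings

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason:<32}{detail}")
```
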
 