Please Advise: Go through my HijackThis Log

Status
Not open for further replies.

whistler

Journeyman
Problem facing: Lots of malware and adware, no ICS, slow surfing speed on Tata Indicom, viruses
OS: Win98 SE

Log File :
Code:
Logfile of HijackThis v1.99.1
Scan saved at 11:54:32 AM, on 1/1/97
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\TATA INDICOM WIRELESS INTERNET SERVICE\TATAINDICOMDIALER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TataIndicomStartUp] C:\Program Files\Tata Indicom Wireless Internet Service\TataIndicomStartUp.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\MCAFEE.COM\AGENT\MCREGWIZ.EXE /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WINDOWS\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WINDOWS\SYSTEM\hpboid.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
 

swatkat

Technomancer
Log looks clean. Do you have HP Officejet Printer? Perform an online virus scan at Panda, and save the log file it gives. Post the contents of the file.
*www.pandasoftware.com/activescan/
 

whistler

Journeyman
here's the panda scan
Code:
Incident                      Status            Location

Adware:Adware/IGuard          No disinfected    C:\WINDOWS\SYSTEM\Loader.dll
Adware:Adware/Tubby           No disinfected    C:\WINDOWS\SYSTEM\MTC.dll
Adware:Adware/Tubby           No disinfected    C:\WINDOWS\SYSTEM\MTC.ini
Virus:Trj/Small.AG            Disinfected       C:\WINDOWS\TEMP\xwxload.exe
Possible Virus.               No disinfected    C:\WINDOWS\Temporary Internet Files\Content.IE5\Z5YZZ7JO\sbar[1].exe
Virus:Exploit/ByteVerify      Disinfected       C:\WINDOWS\Temporary Internet Files\Content.IE5\43KTKD6P\archive[1].jar[Mein.class]
Virus:Exploit/ByteVerify      Disinfected       C:\WINDOWS\Temporary Internet Files\Content.IE5\43KTKD6P\archive[1].jar[ProbeLoader.class]
Virus:Exploit/ByteVerify      Disinfected       C:\WINDOWS\Temporary Internet Files\Content.IE5\43KTKD6P\archive[1].jar[Dummy.class]
Virus:Trojan Horse            Disinfected       C:\WINDOWS\Temporary Internet Files\Content.IE5\43KTKD6P\archive[1].jar[Beyond.class]
Adware:Adware/MSSearch        No disinfected    C:\bitmap.tmp
 

swatkat

Technomancer
Hi, thanks for the log!
Download CleanUp!, CWShredder, TrojanHunter, RegSupreme and install them. Don't run them now.

Open NotePad, copy the text inside the quote and paste it in NotePad.
@ECHO OFF
cd %windir%\system
attrib -s -r -h Loader.dll
attrib -s -r -h MTC.dll
attrib -s -r -h MTC.ini
del Loader.dll
del MTC.dll
del MTC.ini
exit
Then go to File > Save As, type the filename as remove.bat and save it.

Boot in safe mode.
Run CleanUp!, click "Options", here move the slider to "Thorough CleanUp!" and click "OK" to the warning message and exit from Options window. Then click "CleanUp!" to clean the junk and after this click "Close" and click "No" to avoid restarting of PC.

Then double-click on the remove.bat file, it will run and close itself.

Run CWShredder and click "Fix".
Run TrojanHunter, and select all the partitions you have and click "Full Scan", remove anything that TrojanHunter may find. Run RegSupreme, click "OK" to its message about some cache thing, and after this, select "Aggressive" and click "Start". After the scan, remove all the junk entries it may find.

Restart to Normal Mode. Post back the result of the CWShredder and TrojanHunter scans.
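
Added example, not part of the original posts: a cross-check of the Panda ActiveScan report against remove.bat, listing the "No disinfected" locations that the batch file does not delete. The function names are hypothetical, and the sample rows are a subset copied from the report above with the column padding trimmed.

```python
import re

# Rows copied from the Panda ActiveScan report posted above (subset, padding trimmed).
REPORT = r"""
Adware:Adware/IGuard          No disinfected   C:\WINDOWS\SYSTEM\Loader.dll
Adware:Adware/Tubby           No disinfected   C:\WINDOWS\SYSTEM\MTC.dll
Adware:Adware/Tubby           No disinfected   C:\WINDOWS\SYSTEM\MTC.ini
Virus:Trj/Small.AG            Disinfected      C:\WINDOWS\TEMP\xwxload.exe
Possible Virus.               No disinfected   C:\WINDOWS\Temporary Internet Files\Content.IE5\Z5YZZ7JO\sbar[1].exe
Adware:Adware/MSSearch        No disinfected   C:\bitmap.tmp
"""

# The cd and del lines of remove.bat as posted above.
REMOVE_BAT = r"""
cd %windir%\system
del Loader.dll
del MTC.dll
del MTC.ini
"""

# Columns are separated by runs of two or more spaces; paths may contain single spaces.
ROW = re.compile(r"^(?P<incident>.+?)\s{2,}(?P<status>No disinfected|Disinfected)\s{2,}(?P<location>.+?)\s*$")

def parse_report(text):
    """Return one dict per data row; header and blank lines do not match."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def bat_targets(bat, windir=r"C:\WINDOWS"):
    """Resolve each 'del <name>' against the directory set by the last 'cd'."""
    cwd, targets = "", set()
    for line in bat.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        cmd, arg = parts[0].lower(), parts[1].strip()
        if cmd == "cd":
            # windir default matches the C:\WINDOWS paths in the posted logs
            cwd = re.sub("%windir%", lambda _: windir, arg, flags=re.I)
        elif cmd == "del":
            targets.add((cwd + "\\" + arg).upper())
    return targets

def not_covered(report, bat):
    """Locations still 'No disinfected' that the batch file does not delete."""
    targets = bat_targets(bat)
    return [r["location"] for r in parse_report(report)
            if r["status"] == "No disinfected" and r["location"].upper() not in targets]

if __name__ == "__main__":
    for path in not_covered(REPORT, REMOVE_BAT):
        print("not deleted by remove.bat:", path)
```

Paths are compared case-insensitively because Windows 98 file names are not case-sensitive.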
 