
Virus overload

8 posts in this topic

My PC was infected a couple of months ago, and I stopped using it completely until now. I thought if I formatted and reinstalled Windows XP, all problems would be solved, but my antivirus still shows the computer as infected. Avira can't update; it says the program to execute has been destroyed. I'm getting trojan alerts when I click anything and everything. Firefox is acting slow. Please check my HJT log to see if there's anything wrong here.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:14:40 AM, on 7/6/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:








C:\Program Files\Avira\AntiVir Desktop\sched.exe


C:\Program Files\Avira\AntiVir Desktop\avgnt.exe


C:\Program Files\Avira\AntiVir Desktop\avguard.exe


C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Y2J\Desktop\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Softwares\BitComet\tools\BitCometBHO_1.3.3.2.dll


O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Softwares\SuperAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Softwares\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Softwares\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Softwares\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Softwares\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{91EBC6BD-45BB-4C29-82BE-C8A7388957EC}: NameServer =,

O20 - Winlogon Notify: !SASWinLogon - D:\Softwares\SuperAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe



End of file - 2797 bytes


Hello raven.1911



It may take some time and a couple of attempts to provide you with the right help. Many of today's infections are advanced and install other infections on the computer.

It's almost impossible to remove the entire infection and to check for leftovers in one go. Please be patient. :)


Are you familiar with Bangladesh Dhaka Internet Access & Telecom Carrier Service Provider?



Please download ATF Cleaner. Save it to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.

If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.




Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Please download Malwarebytes' Anti-Malware from Here or Here


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK for either of the prompts and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.




Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner.



In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command.


If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.


Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.



To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Please post the Kaspersky Online Scanner Report, MBAM log and the contents of checkup.txt in your next reply for further review.


Best regards



Edited by e-tech


I am sorry about the delay, I am from BANGLADESH, I am sending you the reports of my computer.




Results of screen317's Security Check version 0.98.4

Windows XP Service Pack 2

Out of date service pack!!


Antivirus/Firewall Check:


Windows Firewall Enabled!


Antivirus up to date!


Anti-malware/Other Utilities Check:


SUPERAntiSpyware Free Edition

Malwarebytes' Anti-Malware

HijackThis 2.0.2

Java 6 Update 14

Adobe Flash Player 10


Process Check:

objlist.exe by Laurent


Avira Antivir avgnt.exe

Avira Antivir avguard.exe


DNS Vulnerability Check:




Scan took 44 seconds.

`````````End of Log```````````

KASPERSKY ONLINE SCANNER 7.0 REPORT

Saturday, July 11, 2009

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner version:

Program database last update: Saturday, July 11, 2009 04:36:59

Records in database: 2459280



Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes


Scan area - My Computer:








Scan statistics:

Files scanned: 21971

Threat name: 0

Infected objects: 0

Suspicious objects: 0

Duration of the scan: 00:12:14


No malware has been detected. The scan area is clean.


The selected area was scanned.


Malwarebytes' Anti-Malware 1.38

Database version: 2375

Windows 5.1.2600 Service Pack 2


7/5/2009 9:22:38 PM

mbam-log-2009-07-05 (21-22-38).txt


Scan type: Quick Scan

Objects scanned: 75797

Time elapsed: 56 second(s)


Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 4


Memory Processes Infected:

(No malicious items detected)


Memory Modules Infected:

(No malicious items detected)


Registry Keys Infected:

(No malicious items detected)


Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.


Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.


Folders Infected:

(No malicious items detected)


Files Infected:

c:\WINDOWS\system32\olhrwef.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\i6g6x.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\Y2J\Local Settings\Temp\olhrwef.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.


Hello raven.1911 :)


Well done!


DNS Vulnerability Check showed that your DNS is vulnerable. Please consider using http://www.opendns.com/homenetwork/solutions/

OpenDNS is a free, closed-source, DNS resolution service.



Please run a scan with Trend Micro Rootkit Buster.

Download Trend Micro Rootkit Buster from here.

  • Unzip it to your Desktop.
  • Open the extracted folder and double-click RootkitBuster.exe.
  • Press Scan.

When finished, you'll be asked "Do you want to view log file". Press "Yes" and paste the contents of the log in your next reply.

If any infections are found, please choose Delete Selected Items.



Please use the Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply along with the Rootkit Buster log.


How's your computer performing now?


Best regards




:wave: Hi raven.1911!!!


Is everything alright?


Sorry for the delay. You know that I am from Bangladesh and I have to face a lot of unusual problems, but look on the bright side: my computer is all fixed thanks to you, you're the best.


Sounds good!


Please consider updating to Windows XP SP3. It is now available via Windows Update or as a standalone installation here: http://www.microsoft.com/downloads/details...;displaylang=en



Please navigate to http://windowsupdate.microsoft.com and download all the "Critical Updates" for Windows. These will patch many of the security holes through which attackers can gain access to your computer. Your current versions appear to be outdated.


Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.


Best regards



Edited by e-tech


Glad we could help. :)


If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.