Answer» Please help ASAP as I need my laptop for uni work. I have done scans with different software which seem to detect different things like rootkit, trojan, cookies. Is there a way of getting rid of all this? I have used AVG Anti-Virus, Virgin Broadband PC Guard, Ad-Aware and a-squared Free (by disabling the others whilst using one).
In case you need to know: HP Pavilion laptop dv6000 series, Windows Vista.
I have done the scans you recommend and have now posted the logs.
[attachment deleted by admin]

You had better say what security you have for the experts.

geist09: follow the steps outlined here
attach the three logs to a post here, and a malware removal expert should be with you shortly.
Oh... And good luck!

I appreciate that the experts are busy but could somebody please take a look at the logs and help me as soon as they can. I really need to use my laptop for my work, etc. Thanks in advance.

geist09, an expert just has, do as he said and he will come back to you, harry

harry, I have done what that expert has said and am waiting.

ok, I see you added them to your first post, you should always add them on a separate post in your topic so the experts can see that it's done

Quote from: harry 48 on February 15, 2009, 04:22:12 PM
ok, I see you added them to your first post, you should always add them on a separate post in your topic so the experts can see that it's done
You always attach them to your first post unless otherwise instructed.

O, that's new on me

I beg the experts to help me please. I need to meet university coursework deadline by next week and also need to make a payment.

Hello geist09. Sorry for the delay.
Download random's system information tool (RSIT) by random/random from and save it to your Desktop.
- Double click on RSIT.exe to run.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open.
- log.txt will be maximized and info.txt will be minimized
- Please post the contents of both logs in the next reply.
Also tell me what antivirus you want to keep. There are 3 installed and you only need one. Multiple only causes problems and actually offers less protection.

Thanks for responding. I have added them as downloads again because they are too big to post. If you mean the anti-virus software I originally downloaded, then I would like to keep Virgin PC Guard.
[attachment deleted by admin]

This should improve things greatly.
Disable Windows Defender
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
- Open Windows Defender
- Click on Tools > Options
- Scroll down and uncheck Use real-time protection (recommended)
- After you uncheck this, click on the Save button and then exit Windows Defender
- Now on your keyboard press and hold Ctrl+Alt and then press the Delete key two times to bring up the Task Manager.
- Locate MSASCui.exe then right click on it and choose End Process. Click Yes on the Task Manager Security Warning.
After all of the fixes are complete it is very important that you enable real-time protection again.
----------
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101677&l=dis
- R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
- R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
- R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
- O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
- O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
- O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
- O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
- O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
- O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
- O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
- O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
Important: Close all windows except for HijackThis and then click Fix checked.
Exit HijackThis.
----------
Go to Add or Remove Programs and uninstall:
- avast! Antivirus
- Java(TM) 6 Update 5
- Java(TM) 6 Update 7
- Java(TM) SE Runtime Environment 6
- LiveUpdate 3.2 (Symantec Corporation)
- LiveUpdate Notice (Symantec Corporation)
----------
Download the Norton Removal Tool (SymNRT) to your Desktop.
Once downloaded please close ALL open browsers, also save any work because this may require a restart.
- Go to your desktop and double click on the removal tool and then click Setup.
- Once open Click Next
- Accept the license agreement and click Next
- Type in the letters/numbers that you see into the text box then click Next.
- Then click Next and the tool will start running.
- Once finished restart the PC and run the tool again to ensure everything has been removed.
- Delete the Norton Removal Tool from your Desktop.
----------
Download the McAfee Consumer Product Removal Tool to your Desktop. Using McAfee Consumer Product Removal tool:
- Double click the MCPR.exe
- A Command Line window will be displayed, and then close automatically.
- Wait for a second Command Line window to be displayed.
- Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.
- After the second window appears, the program will begin the cleanup.
- Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
- Press Y on the keyboard.
- Wait for the computer to restart.
- All McAfee products are now removed from your computer.
----------
Download the OTMoveIt3 by OldTimer
Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.
- Save it to your Desktop.
- Double-click OTMoveIt3.exe to run it.
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe
:services
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"=-
"McAfeeUpdaterUI"=-
"avast!"=-
:files
C:\ProgramData\McAfee
C:\Program Files\AVG
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\McAfee
C:\Program Files\Alwil Software
C:\Program Files\Symantec
C:\Windows\tasks\Ad-Aware Update (Weekly).job
:Commands
[purity]
[emptytemp]
[start explorer]

- Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process.
----------
Please post the OTMoveIt3 log in the next reply.
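
Added example, not part of the thread and not code from HijackThis or its authors: a small Python triage of HijackThis-style lines that flags the kinds of leftovers ticked in the list above (entries whose target is marked "(file missing)", services with "Unknown owner", and empty R0/R1 browser settings). The reason labels and the "Example Corp" line are assumptions made for illustration.

```python
import re

# Constructed sample: three entries copied from the list above plus one
# made-up healthy service entry (the "Example Corp" line is hypothetical).
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Example Updater (ExUpd) - Example Corp - C:\Program Files\Example\exupd.exe
"""

# "<section code> - <rest>", with an optional leading "- " list bullet.
ENTRY = re.compile(r"^\s*(?:-\s+)?(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.*)$")


def triage(log_text):
    """Return [(section_code, [reasons], body)] for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, blank lines, anything that is not an entry
        code, body = m.group("code"), m.group("body").strip()
        reasons = []
        # The registry entry or service still points at a file that is gone,
        # typically after an incomplete uninstall.
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        # O23 lists services; "Unknown owner" means no vendor name was read.
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("service vendor could not be read")
        # R0/R1 are Internet Explorer start/search settings; an empty value
        # is a stale key rather than a live redirect.
        if code in ("R0", "R1") and body.endswith("="):
            reasons.append("empty browser setting")
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE):
        print(f"{code}: {', '.join(reasons)}\n    {body}")
```

A flagged line is only a candidate for review; whether it is safe to fix still depends on what is installed on the machine.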

Ok, problem using mcpr.exe. When the first command box appears it says: Mcafee Enterprise software detected cannot continue please contact mcafee technical support. What should I do?