anyone can help me check my hijackthis log?

<(^(oo)^)>

21 Feb 08, 09:25

http://www.mediafire.com/?dpydj4layxh

TIA

ndmmxiaomayi

21 Feb 08, 11:44

Please go to Virus Total or Jotti and upload C:\WINDOWS\system32\sochost.exe for scanning.

For Virus Total

Please copy and paste C:\WINDOWS\system32\sochost.exe in the text box next to the Browse button.
Click on Send File.

For Jotti

Please copy and paste C:\WINDOWS\system32\sochost.exe in the text box next to the Browse button.
Click on Submit.

Also do the following:

Please download and install CCleaner Slim.
Once installed, double click on the desktop shortcut created.
On the leftmost column, click on Tools.
On the middle column, click on Uninstall.
At the bottom right hand corner, click on the Save to text file... button.
By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
Close CCleaner.

Post back the scan results of the file and the CCleaner install.txt file.

<(^(oo)^)>

21 Feb 08, 14:49

Virus Total: 0 bytes size received / Se ha recibido un archivo vacio

Jotti: The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

CCleaner: http://www.mediafire.com/?2jggin1g34h

ndmmxiaomayi

21 Feb 08, 15:21

Download Combofix from Bleeping Computer. If you already have a copy of it, delete it as it's being updated regularly.

Double click to run it. After that, post back a new HijackThis log and the Combofix log.

Combofix log can be found C:\Combofix.txt

<(^(oo)^)>

21 Feb 08, 17:42

HijackThis log: http://www.mediafire.com/?79ndbtj1myd

Combofix log: http://www.mediafire.com/?3oznndh3tpg

ndmmxiaomayi

21 Feb 08, 17:55

Install Recovery Console first.

Click here - http://support.microsoft.com/kb/310994

Under On This Page, click on the Windows XP Service Pack 2 (SP2) link.

Save the file to your desktop. Drag this file into Combofix.

When done, Notepad will open. Copy and paste the contents of this Notepad file in your next reply.

Do not restart or shut down your computer until we have reviewed the log.

<(^(oo)^)>

21 Feb 08, 18:15

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

ndmmxiaomayi

21 Feb 08, 18:19

You can restart your computer or shut down your computer now. I need some time to finish looking through the whole log.

ndmmxiaomayi

22 Feb 08, 14:52

Hi,

Can you upload these 2 files to either Virus Total or Jotti for a scan. Instructions same as my first post to you.

C:\WINDOWS\system32\macsoin.dll

C:\WINDOWS\system32\comftm.exe

<(^(oo)^)>

22 Feb 08, 15:36

File: C:\WINDOWS\system32\macsoin.dll

<(^(oo)^)>

22 Feb 08, 15:48

File: C:\WINDOWS\system32\comftm.exe

ndmmxiaomayi

22 Feb 08, 16:24

Open Notepad and copy and paste the following in blue into Notepad:

http://www.sgforums.com/forums/2250/topics/308308

Collect::

C:\WINDOWS\system32\macsoin.dll

C:\WINDOWS\system32\comftm.exe

C:\WINDOWS\system32\kavsvc.sys

Warning: The above script is just for <(^(oo)^)> . If you are not <(^(oo)^)>, please do not use this script as it may damage the workings of your system.

Click on File > Save As....

In the File Name field, copy and paste in CFScript.txt. Do not change the file name.

Click Save.

Referring to the picture below, drag CFScript into Combofix.

Combofix will start running. When done, a log will be produced. Please post this log in your next reply.

In addition, it will prompt you to submit some files for analyzing.

Click OK.

Copy and paste the file path into the text box next to the Browse button (boxed up in red).

Click on Send File.

Post back the new Combofix log and a new HijackThis log.

<(^(oo)^)>

22 Feb 08, 17:11

HijackThis log: http://www.mediafire.com/?7viy94ezc5e

Combofix log: http://www.mediafire.com/?bmtxnmzdntv

ndmmxiaomayi

26 Feb 08, 12:45

Oops, missed your log.

Please download Malwarebytes' Anti-Malware and save it to a convenient location.
Double click on mbam-setup.exe to install it.
Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
Select the Scanner tab. Click on Perform full scan, then click on Scan.
Leave the default options as it is and click on Start Scan.
When done, you will be prompted. Click OK, then click on Show Results.
Checked (ticked) all items and click on Remove Selected.
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Please post back the Malwarebytes' Anti-Malware scan report and a new HijackThis log.

<(^(oo)^)>

26 Feb 08, 18:05

haha... np...

Malwarebytes' Anti-Malware log: http://www.mediafire.com/?lipzuyi1whl

HijackThis log: http://www.mediafire.com/?9d1onxhmswe

ndmmxiaomayi

27 Feb 08, 17:05

Looks good so far.

Please go to Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

Read through the requirements and privacy statement and click on [b]Accept[/b] button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
When the downloads have finished, click on Next button.
Click on Scan Settings button.
Select extended under Scan using the following antivirus database:
Check (tick) these boxes under Scan options:
- Scan Archives
- Scan Mail Bases
Click OK
Click on My Computer under Please select a target to scan:
Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
Copy and paste this log, as well as a new HijackThis log in your next reply.

<(^(oo)^)>

28 Feb 08, 08:41

HijackThis Log: http://www.mediafire.com/?bmmytsmziiz

Kaspersky Scan Result: http://www.mediafire.com/?dp2ml1kmgd1

ndmmxiaomayi

28 Feb 08, 14:44

Looks good.

If there are no other issues, remove Combofix. We no longer need it. Do not keep any tools.

Click on Start > Run and copy and paste in ComboFix /u

Picture below for reference.

You need to update Java. Download it from here - http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html

Also install a firewall -

<(^(oo)^)>

28 Feb 08, 21:51

Ok... Thx for ur help....

<(^(oo)^)>

1 Mar 08, 18:01

xiaomayi!!! I tink my pc is not fully cleaned... Ocassionally, my firefox will suddenly be opened to a site....

Here is my HijackThis log incase u need it.

http://www.mediafire.com/?z1y4ftln1ij

eagle

1 Mar 08, 18:22

Wah I want to learn all these also... After my final exams, I want to enrol into same malware sch as mayi

ndmmxiaomayi

2 Mar 08, 00:23

To what site?

ndmmxiaomayi

2 Mar 08, 00:28

Another thing. Why your Java is still not updated?

<(^(oo)^)>

2 Mar 08, 08:33

Guess i missed out tat step....
Btw the site is: http://amch.questionmarket.com/adscgen/invite.php?survey_num=404089&site=2&code=25087494&pic=gif&creativename=actnow_msn-300x250-3l-eng-nul&secs_up=60&type=1

And it appear twice since ytd....

<(^(oo)^)>

2 Mar 08, 08:59

Btw when i tried to install java or some other installation file, i am given with this error although it don't happen to every single of them...