HJT Log & Virus Scan Log Need Help Bad!!!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by R.E.C, Jan 16, 2005.

  1. R.E.C

    R.E.C Private E-2

    I need help!!!

    Logfile of HijackThis v1.97.7
    Scan saved at 8:03:59 PM, on 1/16/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


    C:\Documents and Settings\Owner\My Documents\downloads\HijackThis.exe


    Also, I ran the AVG 7.0 Virus; this is what it found:

    "C:\WINNT\GWMDMMSG.exe","ok","Quick checked"
    "C:\WINNT\GWMDMpi.exe","ok","Quick checked"
    "C:\WINNT\LOGI_MWX.EXE","ok","Quick checked"
    "C:\WINNT\System32\SK9910DM.EXE","ok","Quick checked"
    "C:\WINNT\System32\mshta.exe","ok","Quick checked"
    "C:\WINNT\System32\navapq32.exe","ok","Quick checked"
    "C:\WINNT\System32\rundll32.exe","ok","Quick checked"
    "C:\WINNT\System32\shell32.dll","ok","Quick checked"
    "C:\WINNT\System32\shimgvw.dll","ok","Quick checked"
    "C:\WINNT\lmr.exe","ok","Quick checked"
    "C:\WINNT\regedit.exe","ok","Quick checked"
    "C:\autoprotect.exe","ok","Quick checked"
    "c:\temp\salm.exe","ok","Quick checked"
    "C:\WINNT\System32\kernel32.dll","ok","Quick checked"
    "C:\WINNT\System32\wsock32.dll","ok","Quick checked"
    "C:\WINNT\System32\user32.dll","ok","Quick checked"
    "C:\WINNT\System32\shell32.dll","ok","Quick checked"
    "C:\WINNT\System32\ntoskrnl.exe","ok","Quick checked"
    "C:\temp\d0r1t1s.exe:\dorod.exe","Trojan horse BackDoor.Hacdef.2.G","Infected, Embedded object"
    "C:\temp\d0r1t1s.exe:\ppi.exe","Trojan horse BackDoor.InvisibleFTP","Infected, Embedded object"
    "C:\temp\d0r1t1s.exe:\van32.exe","Trojan horse HideWindow","Infected, Embedded object"
    "C:\temp\d0r1t1s.exe","Trojan horse BackDoor.Hacdef.2.G","Infected, Archiv"
    "C:\Documents and Settings\Owner\Local Settings\Temp\installer.exe","","Deleted"
    "C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000163.exe","","Deleted"
    "C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000164.dll","","Deleted"
    "C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000165.dll","","Deleted"
    "C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000166.dll","","Deleted"
    "C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000167.exe","","Deleted"
    "C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000168.exe","","Deleted"
    "C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000169.exe","","Deleted"
    "C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000170.exe","","Deleted"
    "C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000171.EXE","","Deleted"
    "C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000176.exe","","Deleted"
    "C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000185.exe","","Deleted"
    "C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0000193.exe","","Deleted"
    "C:\WINNT\system32\f0r0r\niamx","","Deleted"
    "C:\WINNT\system32\f0r0r\van32.exe","","Deleted"


    I need help bad!! Thanks for any help!!!
     
    Last edited by a moderator: Jan 16, 2005
  2. PhilliePhan

    PhilliePhan Guest

    Hi R.E.C,

    Your HijackThis is waaay out of date!

    You should look in Add/Remove Programs for unwanted crap like BullsEye Network, EliteBar, etc. . . and uninstall them if found.


    Generally, it is a good idea to start with the Cleanup Tutorial HERE:

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

    Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Post back and let us know how you fared. Also, send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’m not around this forum too often these days, but somebody will probably take a look when they get a chance.

    Best luck :)
    PP
     
  3. R.E.C

    R.E.C Private E-2

    Went and got the new one. Here is what it found; I don't know what to get rid of:



    Logfile of HijackThis v1.97.7
    Scan saved at 12:43:12 PM, on 1/17/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     
    Last edited by a moderator: Jan 17, 2005
  4. PhilliePhan

    PhilliePhan Guest

    HJT is still old - Try the link I left for you above.
    Also, please locate HJT in the folder specified and ATTACH the log.

    Somebody will take a look at your log when time permits!

    PP :)
     
  5. R.E.C

    R.E.C Private E-2

    I think I have the right one now. Here is what I have. Can anyone tell me what to get rid of?
     

    Attached Files:

    • hjt.txt (File size: 8.1 KB, Views: 3)
    Last edited by a moderator: Jan 18, 2005
  6. Destructo

    Destructo Corporal

    Hello, you are running HJT from your doc and settings folder. You will want to move it to a folder right on your drive. Something like this: C:\hijackthis. Go ahead and do that, then run it again and someone will surely analyze it soon enough. Hang in there!
     
