ROASTM'S got an issue with virus/needs help with hijack this

Um i got a person using my hardrive space from something, i really dont know. Well it is alittle bit of a nusiance and i have done several virus scans and deleted dome files, but in hikack this i dont know what to delete and what to keep?

If anyone can help me please answer back
THANK A LOT.

Heres my hijack this log file


I HATE VIRUS AND PEOPLE STEALING MY HARD DRIVE SPACE!

 

You have one of the oldest versions of HJT I have seen in a while LOL!

First:
Please update your version of Hijack This.

• Hijack This 1.99.1

Second:
Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

To create a new folder:
Click START > My Computer > Local Disc C: > Program Files
Now, RightClick on an Empty Area and select New > Folder & name it HijackThis and ENTER

To Extract HijackThis:
Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
(C:\Program Files\HJT) and click Next.

The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.

Third:
Run these online virus scans and post your results!

TrendMicro Online Scan
Bitdefender online scan
RavAntivirus online scan <-- select Auto Clean then click Scan My PC
TrojanScan online scan

After doing ALL of the above, post a fresh HJT log as an attachment to your post.

 

i did the trendmicro scan and the results were no viruses.
This was last night, and i am now scaning with the three other programs you've listed. Ill find out the results soon.

THNXS

 

Ok i finished all the scans you mentioned and did another scan with hijack this 1.99.0.1.

Heres the hijack this log file

 

Please look in Add or Remove Programs for the following and Uninstall them if found:

WeatherBug

Viewpoint

Please print out these instructions so that you can operate with All Browser Windows CLOSED.

Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.


Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

ViewMgr.exe

Weather.exe

iexplore.exe <-- End every instance of this process as requested!


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM32\NZDD.DLL

O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O16 - DPF: Win32 Classes -
O16 - DPF: {9C813B33-52A2-466D-8C51-EB4189C1FF98} - http://image.imgfarm.com/images/nocache/aornumIWRLV1.3.0.1.cab

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

C:\Program Files\AWS ←–– Delete this whole folder if it exist!

C:\Program Files\Viewpoint ←–– Delete this whole folder if it exist!

C:\WINDOWS\System\blank.htm

C:\WINDOWS\System32\NZDD.DLL

NEXT:
Run CCleaner

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

Good Luck!

 

um what view point
1-viewpoint manager
2-viewpoint media player

just wondering
THNX

 

Anything Viewpoint, so uninstall both!

 

ok i did what u said, (oh and i figured out i should delete both viewpoints) and rescanned with hijack this

My disk space looks like its at where it should be. So thanks a lot u and ur website were a great help.

Heres the log form hijack this

 

Your HJT log is clean!

Are you having any further problems?

 

um thanks alot man u were a great help, so far no problems.
If any occur ill inform u, and once again thnxs for all ur help.

God i hate computers, LOL

 

Good Deal!

You should see this article on How to Protect yourself from malware!

 

hey i guess im still losing hard drive space. So what do I do now?
The only thing i can think of is i downloaded steam inorder to play cs. I noticed it was a Win32 file from www.steampowered.com. I didnt think it was an issue but could u check my hijack this file. Oh and i got a anti virus(antivirus-personal edition) program and did a few scans with my anti virus programs. Nothing came up. Thnxs a lot!

 

Your HJT log is clean!

What problems are you currently having?

 

Um, my disk space is slowly decresing while im online, and while playing online games like Halo, and Counter Strike my connection is a lot slower than usual. The only thing i can think is i downloaded counter strike(or the steam program at least) and since then I've noticed im slowly losing disk space. Maybe its just me. The only things Ive recently installed was Counter Strike,, Call of Duty(i only play offline), and those anti-virus programs u recomended.

I just dont know what is goin on LOL.

Just wondering if u had some imput

THNXS

 

Since this most likely isnt Malware related I would recommend posting this in the Software Forum. Those guys will get you all fixed up.

 

hey im not getting any help

u know some one who can

Sry to bother u, thnxs

 

Be patient, this is a busy forum. Someone will get to you when time permits. There are only a few users who come in all the time and help users.

 

Ok, sorry, I'm just really sick of all these internet/software issues. Want to be completely rid of them, if that will ever happen, LOL

 

I understand your frustration, hang in there

 

hey long time no talk.

heres a hijack this file becuase i got another viewpoint thing installed on my computer. It was sending hardrive space again, but as soon as i got rid of it my space came back, but could u check to see what other junk is on my comp. thnxs.

 

Scan with HijackThis and Check the Boxes for the following:

O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)

O4 - HKCU\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r
O4 - HKCU\..\RunOnce: [Inetreg] C:\Program Files\InstallShield Installation Information\{E2D27B84-6365-11D6-9BAF-0090271AF8A4}\Setup.exe /i_again -s

Make sure All Browser Windows are Closed when you Click FIX.

Other than these few entries your log looks clean, are you having any problems?

 

thnxs

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

 

hey its me again... just wondering if u could just check this hi-jack this file, thanks a lot.

 

That HJT log is clean!

 

umm well i got a question. u know the windows updates that periodically come up and are on the taskbar on the desktop. well they always inatall themselves when i shut down. but this one wont. so im wondering if its not actually an update, but a fake. just wondering cause i have been having issues with lossing hard drive space and ive done several scans with both a2 and antivir-personal edition, as well as spybot and simple stuff like that. they all say its clean. i thought maybe it was the program steam, for cs. like maybe i got something from someones server, but i dont know. this seems really wierd. like all i've done is uninstall programs to free up space.

if this bugs the shit out of u with all these questions then say so, but u have been such a help and i've been the annoying questioner, lol.

thanks a lot!

 

also i have another question how could i learn to know what to delete and what to save on hijack this. im kinda curious on learning this stuff.

sry another question

 

There have been several updates recently due to recent WORMS so I would recommend surfing in to windows updates to confirm you have all of the current updates.

 

The best place to start is browsing thru the threads we have. The next thing, get different logs from the net and analyze them in some of the online HJT log analyzer, but be aware they are NOT 100% accurate but are close. Be careful what you remove with these, knowing which one to remove is something you will have to pick up as time goes by.

Also, doing it everyday all day helps to! LOL

 

hey thanks a lot

 

Your Welcome!