Malwares Plz help

[Backdated]

There are rules to follow where infection detection, removal and prevention is concerned. If you cannot heed the first and cardinal rule then please do not offer advice on this matter; it's really as simple as that. If you cannot understand that, then users of this forum should be warned to ignore your "advice".

I've had many long years of experience in this game and I haven't lost a customer yet! I operate on facts and I abide by rules; rules that are in place for a very good reason.

Perhaps you think I enjoy wasting my time slagging off download sites for the fun of it. Well I can tell you now, I don't!
I certainly have no hidden agenda, do you?

[faizalb15]

Logfile of HijackThis v1.99.1
Scan saved at 2:12:44 PM, on 3/2/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdui.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\computer\LOCALS~1\Temp\Rar$EX02.828\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.gov.mu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = **********
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ************;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -

[faizalb15]

http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = csodom.local
O17 - HKLM\Software\..\Telephony: DomainName = csodom.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E2DAED3-9B54-47EE-8810-DC16A7A64AA2}: NameServer = ***********
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = csodom.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E2DAED3-9B54-47EE-8810-DC16A7A64AA2}: NameServer = *************
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = csodom.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E2DAED3-9B54-47EE-8810-DC16A7A64AA2}: NameServer = ***************
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Net Monitor for Employees Agent (NMEmployeesAgent) - Unknown owner - C:\Program Files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



As you have said i have downloaded the program
and here is the report

Plz let me know what to do next?

THanks

[dl65]

faizalb15...... I know you said you had run scans with your anti virus as well as
ad-aware and MCAfee Antispyware and nothing was found.  Did you run these scans from the safe mode ?

You mentioned you are connected to the net via a network (LAN) .....is this your network or one at work?

You also mentioned that your machine works perfectly when not connected to the network .  This would suggest that the issue may not be resident on your pc.

I also notice that you do not have SP2 installed .......Is there some reason you don't , as it has additional security items included which increase your protection.

Are you connected behind a router ?

I also notice you are using a proxy server ........ any particular reason why ?

If you can answer these questions , we can move along .

dl65  

[Backdated]

I can see a possibly very dangerous entry indeed that would cause the symptoms you first described but before I can disclose it I need to know more about the situation in which this computer is used.

As usual, there are a few unnecessary but non malicious entries.

[faizalb15]

i didnt installed sp2 because it makes my pc slow in performance.

Yea our company must use the proxy server to be connected to the internet

if we eliminate it wont get any access.

plz help me

[Fed]

Firewall?
I think your problems come from within your network.
Do you have an IT person?

[Backdated]

SP2 is not an option, it's a vital necessity.

This log can soon be amended and cleared but I need to have a chat to someone first.