I have a machine with Possibly several spyware/malware issues. Could someone have a look at this log and see what you think needs removing thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:56, on 05/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Just so you know - you likely have acquired a backdoor/often password stealing capable Trojan that COULD create serious compromises and concerns (passwords, banking, identity theft, etc.).
PLEASE CONSIDER THE FOLLOWING ISSUES CAREFULLY: Your system has likely been compromised to a point where even cleaning it does not promise you a trustworthy machine. There is a lot of serious concern about the SDBOT infection family which your PC has presently encountered and its known updateable/installable capabilities whether currently in use or not - SEE: (20K hits for inclusive search terms SDBOT, banking, password, and keylogger).
If you do online banking or have passwords that would be a serious concern in the hands of others (identity theft or compromise of confidential information), then more serious action is likely advisable and potentially warranted (contacting and alerting bank(s), backup user files, do a clean re-install, and change all user passwords while off-line). More often than not they want your PC as a compromised zombie (a botnet/spambot member to do evil deeds) – but who is to know.
Nevertheless, initial and further cleaning may still be warranted to give you some renewed degree of control and then time to more fully consider your options. Let us know how you wish to proceed.
Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.
Tell me and I forget; show me and I remember; involve me and I understand. There are no foolish questions, the only thing foolish is not asking if you're unsure of something. Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
i have ran the the fix tool but at the same time as i ran it the monitor died so im not sure how successful it has been altho the pop ups seem to have abated here is the 2nd hi jack this log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:03, on 05/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
SDFIX removed 3 lines of interest, as expected (and possibly other unknowns).
Please disable the ‘active protection’ components of the following application(s), as it/they may hinder the removal of some entries. Otherwise, certain cleaning attempts may be wrongly recognized and blocked as hijacking attempts or other potentially inappropriate behavior. You can re-enable such tools after your computer is clean.
Disable Windows Defender
Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
Close Windows Defender
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:
O4 - HKLM\..\Run: [D4FBBE68] rundll32.exe "C:\WINDOWS\system32\cfnvkqeo.dll",b
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O19 - User stylesheet: C:\WINDOWS\default.css (file missing)
Make sure that all browser windows and internet links are closed, even this one! CLICK ’FIX CHECKED’ with HijackThis.
* Please download Malwarebytes' Anti-Malware from HERE or HERE
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked , and click Remove Selected.
When disinfection is completed , a log will open in Notepad and you may be prompted to Restart(See Extra Note).
A run log is automatically saved by MBAM and can be viewed by clicking the Logs TAB in MBAM.
Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Tell me and I forget; show me and I remember; involve me and I understand. There are no foolish questions, the only thing foolish is not asking if you're unsure of something. Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
